ID CVE-2009-1139
Summary Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:adam:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp3:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
CVSS
Base: 7.8 (as of 30-04-2019 - 14:27)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
msbulletin via4
bulletin_id MS09-018
bulletin_url
date 2009-06-09T00:00:00
impact Remote Code Execution
knowledgebase_id 971055
knowledgebase_url
severity Critical
title Vulnerabilities in Active Directory Could Allow Remote Code Execution
oval via4
accepted 2014-04-07T04:06:55.913-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name J. Daniel Brown
    organization DTCC
  • name Sharath S
    organization SecPod Technologies
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Pooja Shetty
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
description Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
family windows
id oval:org.mitre.oval:def:6253
status accepted
submitted 2009-06-09T14:00:00
title Active Directory Memory Leak Vulnerability
version 79
refmap via4
bid 35225
cert TA09-160A
confirm http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm
osvdb 54938
sectrack 1022349
secunia 35355
vupen ADV-2009-1537
Last major update 30-04-2019 - 14:27
Published 10-06-2009 - 18:00
Last modified 30-04-2019 - 14:27