Signature Detail

LDAP: Microsoft Windows Active Directory Crafted LDAP Request Denial of Service

There exists a denial of service vulnerability in Microsoft Windows Active Directory. The flaw is caused by improper handling of LDAP requests. An unauthenticated remote attacker may exploit this vulnerability by sending a specially crafted LDAP message to the target host, causing the target server to temporarily stop responding. Temporary non-responsive or degraded performance effect may be observed on the target system after processing the crafted LDAP message. If the attack is mounted continuously, a permanent denial-of-service condition could be created.

Extended Description

Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory fails to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests. An attacker can exploit this issue to cause the affected application to stop responding, denying further service to legitimate users.

Affected Products

• Avaya Customer Interaction Express (CIE) Server 1.0
• Avaya Customer Interaction Express (CIE) User Interface 1.0
• Avaya Customer Interaction Express (CIE) User Interface 1.0.2
• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Windows 2000 Server SP1
• Microsoft Windows 2000 Server SP2
• Microsoft Windows 2000 Server SP3
• Microsoft Windows 2000 Server SP4
• Microsoft Windows 2000 Server

References

• BugTraq: 24796
• CVE: CVE-2007-3028