Signature Detail

LDAP: LSASS Heap Overflow Vulnerability

This signature detects attempts to exploit a known vulnerability in the implementation of the LDAP protocol Microsoft uses for Domain control. A malformed LDAP request can result in remote code execution.

Extended Description

Microsoft Windows Local Security Authority Subsystem Service (LSASS) is prone to a privilege-escalation vulnerability. This issue occurs in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (ADLDS). An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers.

Affected Products

• Avaya Aura Conferencing 6.0 Standard
• Avaya CallPilot Unified Messaging
• Avaya Meeting Exchange - Client Registration Server
• Avaya Meeting Exchange - Recording Server
• Avaya Meeting Exchange - Streaming Server
• Avaya Meeting Exchange - Web Conferencing Server
• Avaya Meeting Exchange - Webportal
• Avaya Messaging Application Server 4
• Avaya Messaging Application Server 5
• Avaya Messaging Application Server MM 1.1
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• Microsoft Active Directory
• Microsoft Active Directory Application Mode (ADAM)
• Microsoft Active Directory Lightweight Directory Service

References

• BugTraq: 43037
• CVE: CVE-2010-0820