Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service

win2k-lsass-ldap-dos (15700)

Medium Risk

Description:

Microsoft Windows 2000 Servers when serving as Domain Controllers are vulnerable to a denial of service attack. By sending a specially-crafted LDAP (Lightweight Directory Access Protocol) message to the affected domain controller, a remote attacker could cause the system to restart and the Local Security Authority Subsystem Service (LSASS) service to stop responding to authentication requests.

Platforms Affected:

• Microsoft, Windows 2000 Server

Remedy:

Apply the appropriate patch for your system, as listed in the Microsoft Security Bulletin MS04-011. See References.

Consequences:

Denial of Service

References:

• CIAC Information Bulletin O-114, Microsoft Security Update for Microsoft Windows at http://www.ciac.org/ciac/bulletins/o-114.shtml.
• CIAC Information Bulletin O-114, Microsoft Security Update for Microsoft Windows [REVISED 25 Jun 2004] at http://www.ciac.org/ciac/bulletins/o-114.shtml.
• Internet Security Systems Security Alert, April 13, 2004, Multiple Vulnerabilities in Microsoft Products at http://xforce.iss.net/xforce/alerts/id/169.
• Microsoft Security Bulletin MS04-011, Security Update for Microsoft Windows (835732) at http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx.
• BID-10114: Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
• CVE-2003-0663: Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message.
• US-CERT VU#639428: Microsoft Windows 2000 LSASS fails to properly handle certain LDAP messages

Reported:

Apr 13, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page