(MS09-018) Microsoft Windows Active Directory Invalid Free Vulnerability (971055)
- Type: Format String
- Impact of exploitation: Remote Code Execution
- User Interaction: No user interaction is needed
- Attack Vector: Malicious remote network traffic
- Rating: Medium
- CVE reference: CVE-2009-1138
- Vendor Status: Responded and patched
- Vulnerable systems: Windows 2000 SP4
- Summary: A vulnerability in Microsoft Active Directory may allow for remote code execution attacks.
Description
A vulnerability in Microsoft Active Directory may allow for remote code execution attacks. The flaw is specific to the implementation of Active Directory on Windows servers. Under certain conditions the server will incorrectly free memory while processing LDAP or LDAPS requests. Exploitation can be achieved by sending specially-crafted LDAP or LDAPS requests to a vulnerable server.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-018.mspx
McAfee Product Mitigation
McAfee Foundstone
The FSL package of June 10 includes a vulnerability check to assess if your systems are at risk.
- Signature: FSL Update
- Signature identifier: 6742
- Release date: 6/9/2009
- First released in: (MS09-018) Microsoft Windows Active Directory Invalid Free Vulnerability (971055)
McAfee Intrushield
- Signature: LDAP: Microsoft Windows Active Directory Invalid Free Vulnerability
- Signature identifier: 0x41702300
- Release date: 6/9/2009
- First released in: 4.1.51, 5.1.21
The Remedy V-Flash of June 10 will contain remedies for Windows.
- Signature: The V-Flash of 6/10/2009…
Additional Resources
Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
http://www.microsoft.com/technet/security/bulletin/ms09-018.mspx
Timeline
- 6/9/2009: Vendor has provided a patch.