TITLE:
Microsoft Windows Active Directory Two Vulnerabilities

SECUNIA ADVISORY ID:
SA26002

VERIFY ADVISORY:
http://secunia.com/advisories/26002/

CRITICAL:
Moderately critical

IMPACT:
DoS, System access

WHERE:
From local network

OPERATING SYSTEM:
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Storage Server 2003
http://secunia.com/product/12399/
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/

DESCRIPTION:
Two vulnerabilities have been reported in Windows Active Directory,
which can be exploited by malicious users and malicious people to
cause a DoS (Denial of Service) or compromise a vulnerable system.

1) An error within the handling of the number of convertible
attributes in LDAP requests can be exploited to cause a DoS or
potentially allow execution of arbitrary code via a specially crafted
request.

Successful exploitation of this vulnerability requires valid logon
credentials on Windows Server 2003.

2) An error in the handling of LDAP requests can be exploited to
cause the service to temporarily stop responding by sending a
specially crafted LDAP request.

SOLUTION:
Apply patches.

Microsoft Windows 2000 Server SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=812e62c5-6e19-4b3b-8a10-861b871e1b41

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=28e84603-8159-4429-aaff-a1020531e84f

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=107902f9-be94-457f-a936-519efbd64779

Windows Server 2003 for Itanium-based systems SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=e5e5b425-fe7d-49d5-973f-f3fd7a1e04eb

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Neel Mehta, IBM Internet Security Systems
X-Force.
2) The vendor credits Peter Winter-Smith, NGSSoftware.

ORIGINAL ADVISORY:
MS07-039 (KB926122):
http://www.microsoft.com/technet/security/Bulletin/MS07-039.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.