Информационная безопасность
[RU] switch to English


Переполнение массива в Active Directory Microsoft Windows (array overflow)
дополнено с 10 июля 2007 г.
Опубликовано:11 июля 2007 г.
Источник:
SecurityVulns ID:7910
Тип:удаленная
Уровень опасности:
7/10
Описание:Переполнение индекса массива при разборе запроса LDAP.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.)
 CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes.")
Оригинальный текстdocumentNGSSoftware Insight Security Research Advisory (NISR), Low Risk Vulnerability in Active Directory (11.07.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-039 - Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) (10.07.2007)
Файлы:Microsoft Security Bulletin MS07-039 - Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород