ID CVE-2009-1139
Summary Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:adam:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp3:professional:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
CVSS
Base: 7.8 (as of 30-04-2019 - 14:27)
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity NONE
  • Availability COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
oval via4
accepted 2014-04-07T04:06:55.913-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name J. Daniel Brown
    organization DTCC
  • name Sharath S
    organization SecPod Technologies
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Pooja Shetty
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
  • comment Microsoft Windows Server 2003 SP2 (x64) is installed
    oval oval:org.mitre.oval:def:2161
  • comment Microsoft Windows XP (x86) SP2 is installed
    oval oval:org.mitre.oval:def:754
  • comment Microsoft Windows XP (x86) SP3 is installed
    oval oval:org.mitre.oval:def:5631
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
description Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
family windows
id oval:org.mitre.oval:def:6253
status accepted
submitted 2009-06-09T14:00:00
title Active Directory Memory Leak Vulnerability
version 73
refmap via4
bid 35225
cert TA09-160A
confirm http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm
ms MS09-018
osvdb 54938
sectrack 1022349
secunia 35355
vupen ADV-2009-1537
Last major update 30-04-2019 - 14:27
Published 10-06-2009 - 18:00