CERTA-2011-AVI-692
Vulnerability from certfr_avis

A vulnerability has been fixed in Active Directory, Active Directory Application Mode (ADAM) and Active Directory Lightweight Directory Service (AD LDS). It can be used by a malicious person authenticated to an Active Directory domain to execute arbitrary code.

Description

A memory corruption vulnerability has been fixed in Active Directory Application Mode (ADAM) and Active Directory Lightweight Directory Service (AD LDS). It can be exploited by a malicious person authenticated to an Active Directory domain, using a specially crafted application, to execute arbitrary code that could potentially compromise the entire domain.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Microsoft Windows Windows Server 2003 Service Pack 2: Active Directory Application Mode (ADAM);
Microsoft Windows Windows Server 2003 x64 Edition Service Pack 2: Active Directory;
Microsoft Windows Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1: Active Directory Lightweight Directory Service (AD LDS);
Microsoft Windows Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1: Active Directory Lightweight Directory Service (AD LDS);
Microsoft Windows Windows Vista Service Pack 2: Active Directory Lightweight Directory Service (AD LDS);
Microsoft Windows Windows XP Professional x64 Edition Service Pack 2: Active Directory Application Mode (ADAM);
Microsoft Windows Windows Server 2008 for 32-bit Systems Service Pack 2: Active Directory and Active Directory Lightweight Directory Service (AD LDS);
Microsoft Windows Windows Server 2003 x64 Edition Service Pack 2: Active Directory Application Mode (ADAM);
Microsoft Windows Windows Server 2008 for x64-based Systems Service Pack 2: Active Directory and Active Directory Lightweight Directory Service (AD LDS);
Microsoft Windows Windows Vista x64 Edition Service Pack 2: Active Directory Lightweight Directory Service (AD LDS);
Microsoft Windows Windows XP Service Pack 3: Active Directory Application Mode (ADAM);
Microsoft Windows Windows Server 2003 Service Pack 2: Active Directory;
Microsoft Windows Windows Server 2003 with SP2 for Itanium-based Systems: Active Directory;
Microsoft Windows Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1: Active Directory and Active Directory Lightweight Directory Service (AD LDS).
References



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2003 Service Pack 2 : Active Directory en mode application (ADAM) :",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 \u00c9dition x64 Service Pack 2 : Active Directory ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 pour syst\u00e8mes x64 et Windows 7 pour syst\u00e8mes x64 Service Pack 1 : Active Directory Lightweight Directory Service (AD LDS) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 7 pour syst\u00e8mes 32 bits et Windows 7 pour syst\u00e8mes 32 bits Service Pack 1 : Active Directory Lightweight Directory Service (AD LDS) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista Service Pack 2 : Active Directory Lightweight Directory Service (AD LDS) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Professionnel \u00c9dition x64 Service Pack 2 : Active Directory en mode application (ADAM) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 : Active Directory et Active Directory Lightweight Directory Service (AD LDS) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 \u00c9dition x64 Service Pack 2 : Active Directory en mode application (ADAM) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 : Active Directory et Active Directory Lightweight Directory Service (AD LDS) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Vista \u00c9dition x64 Service Pack 2 : Active Directory Lightweight Directory Service (AD LDS) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows XP Service Pack 3 : Active Directory en mode application (ADAM) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 Service Pack 2 : Active Directory ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2003 avec SP2 pour syst\u00e8mes Itanium : Active Directory ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 et Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 : Active Directory et Active Directory Lightweight Directory Service (AD LDS).",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type corruption de m\u00e9moire a \u00e9t\u00e9 corrig\u00e9e dans\nActive Directory en mode application (ADAM) et Active Directory\nLightweight Directory Service (AD LDS). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre\nexploit\u00e9e par une personne malveillante authentifi\u00e9e sur un domaine\nActive Directory \u00e0 l\u0027aide d\u0027une application sp\u00e9cialement con\u00e7ue pour\nex\u00e9cuter du code arbitraire pouvant potentiellement compromettre\nl\u0027ensemble du domaine.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3406"
    }
  ],
  "initial_release_date": "2011-12-14T00:00:00",
  "last_revision_date": "2011-12-14T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-692",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Active Directory, Active Directory\nen mode application (ADAM) et Active Directory Lightweight Directory\nService (AD LDS). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre utilis\u00e9e par une\npersonne malveillante authentifi\u00e9e sur un domaine Active Directory afin\nd\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Active Directory",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS11-095 du 13 d\u00e9cembre 2011",
      "url": "http://technet.microsoft.com/en-us/security/bulletin/MS11-095"
    }
  ]
}

