CVE-2009-1139

Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.securitytracker.com/id?1022349
http://osvdb.org/54938
http://www.securityfocus.com/bid/35225
http://secunia.com/advisories/35355
http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm
http://www.vupen.com/english/advisories/2009/1537
http://www.us-cert.gov/cas/techalerts/TA09-160A.html	US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6253
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:microsoft:adam:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_xp::sp2:professional:::::
	cpe:2.3:o:microsoft:windows_xp:-:sp3:professional:::::*
	cpe:2.3:o:microsoft:windows_xp::sp2:professional_x64:::::
	cpe:2.3:o:microsoft:windows_xp:::professional_x64:::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp1::::::*
	cpe:2.3:o:microsoft:windows_server_2003::::::::
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp1:itanium:::::
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*

Information

Published : 2009-06-10 11:00

Updated : 2019-04-30 07:27

NVD link : CVE-2009-1139

Mitre link : CVE-2009-1139

JSON object : View

CWE

CWE-399

Resource Management Errors

Advertisement

Products Affected

microsoft

windows_xp
adam
windows_2000
windows_server_2003

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securitytracker.com/id?1022349", "name": "1022349", "tags": [], "refsource": "SECTRACK"}, {"url": "http://osvdb.org/54938", "name": "54938", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/35225", "name": "35225", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/35355", "name": "35355", "tags": [], "refsource": "SECUNIA"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-214.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/1537", "name": "ADV-2009-1537", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html", "name": "TA09-160A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6253", "name": "oval:org.mitre.oval:def:6253", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-018", "name": "MS09-018", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka \"Active Directory Memory Leak Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-1139", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-06-10T18:00Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:adam:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:professional:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-04-30T14:27Z"}