Alert GCSA-09105 - Vulnerabilita' in Microsoft Active Directory
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09105
Data : 11 Novembre 2009
Titolo : Vulnerabilita' in Microsoft Active Directory (MS09-066)
******************************************************************
:: Descrizione del problema
E' stata identificata una vulnerabilita' nel servizio Microsoft Active
Directory, Active Directory Application Mode (ADAM) e Active Directory
Lightweight Directory Service (AD LDS), che potrebbe essere sfruttata
per causare il blocco di una macchina che ne sia affetta.
La vulnerabilita' e' dovuta ad un errore nell'implementazione di ADAM e
AD LDS nell'elaborare richieste LDAP o LDAPS malformate, che potrebbero
causare Denial of Service su un sistema vulnerabile.
:: Software interessato
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
:: Impatto
Denial of Service
:: Soluzioni
Applicare gli aggiornamenti rilasciati da Microsoft:
http://www.microsoft.com/technet/security/Bulletin/ms09-066.mspx
:: Riferimenti
Microsoft Security Bulletin MS09-066
http://www.microsoft.com/technet/security/Bulletin/ms09-066.mspx
Secunia
http://secunia.com/advisories/37304
http://secunia.com/advisories/37309
VuPEN
http://www.vupen.com/english/advisories/2009/3192
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1928
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSvqnsvOB+SpikaiRAQIgewQAykttQkE6eMtATpwhW5/kuUwZNdooHxJT
6MY0QBt4wwhh7Whz5GF6EaIe9gTdU76urDuKy8V9QZqWgt2kOZEEPrAkxeSFykKD
zL0sQQo2RxFuWDX8pLkdRwkJV/dKggHrmPErBYqW0rrXL9S/jsK8ch03D8Z1okR4
2VXcUcDjBw4=
=OzNf
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-09105
Data : 11 Novembre 2009
Titolo : Vulnerabilita' in Microsoft Active Directory (MS09-066)
******************************************************************
:: Descrizione del problema
E' stata identificata una vulnerabilita' nel servizio Microsoft Active
Directory, Active Directory Application Mode (ADAM) e Active Directory
Lightweight Directory Service (AD LDS), che potrebbe essere sfruttata
per causare il blocco di una macchina che ne sia affetta.
La vulnerabilita' e' dovuta ad un errore nell'implementazione di ADAM e
AD LDS nell'elaborare richieste LDAP o LDAPS malformate, che potrebbero
causare Denial of Service su un sistema vulnerabile.
:: Software interessato
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (32-bit) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
:: Impatto
Denial of Service
:: Soluzioni
Applicare gli aggiornamenti rilasciati da Microsoft:
http://www.microsoft.com/technet/security/Bulletin/ms09-066.mspx
:: Riferimenti
Microsoft Security Bulletin MS09-066
http://www.microsoft.com/technet/security/Bulletin/ms09-066.mspx
Secunia
http://secunia.com/advisories/37304
http://secunia.com/advisories/37309
VuPEN
http://www.vupen.com/english/advisories/2009/3192
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1928
-----BEGIN PGP SIGNATURE-----
iQCVAwUBSvqnsvOB+SpikaiRAQIgewQAykttQkE6eMtATpwhW5/kuUwZNdooHxJT
6MY0QBt4wwhh7Whz5GF6EaIe9gTdU76urDuKy8V9QZqWgt2kOZEEPrAkxeSFykKD
zL0sQQo2RxFuWDX8pLkdRwkJV/dKggHrmPErBYqW0rrXL9S/jsK8ch03D8Z1okR4
2VXcUcDjBw4=
=OzNf
-----END PGP SIGNATURE-----