Lucene search
RootSSV:3416HistoryJun 14, 2008 - 12:00 a.m.
Microsoft Windows活动目录LDAP请求远程拒绝服务漏洞(MS08-035)
2008-06-1400:00:00
Root
www.seebug.org
10
EPSS
0.933
Percentile
99.1%
BUGTRAQ ID: 29584
CVE(CAN) ID: CVE-2008-1445
Microsoft Windows是微软发布的非常流行的操作系统。
Windows中的活动目录组件没有正确地验证LDAP请求,如果远程攻击者向ADAM、活动目录或AD LDS服务器发送了特制的LDAP请求报文的话,就可能导致系统停止响应并自动重新启动。
Microsoft Windows XP SP3
Microsoft Windows XP SP2
Microsoft Windows Server 2008
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows 2000SP4
临时解决方法:
- 在外围防火墙处阻止TCP 389和3268端口。
厂商补丁:
Microsoft
Microsoft已经为此发布了一个安全公告(MS08-035)以及相应补丁:
MS08-035:Vulnerability in Active Directory Could Allow Denial of Service (953235)
链接:<a href=“http://www.microsoft.com/technet/security/bulletin/MS08-035.mspx?pf=true” target=“_blank”>http://www.microsoft.com/technet/security/bulletin/MS08-035.mspx?pf=true</a>
Related
nessus
nessus
checkpoint_advisories
checkpoint_advisories
securityvulns
securityvulns
Microsoft Active Directory DoS
2008-06-14 00:00:00
Securify bulletin: Microsoft Active Directory Denial-of-service
2008-06-14 00:00:00
openvas
openvas
Microsoft Active Directory Denial of Service Vulnerability (953235)
2011-01-18 00:00:00
Microsoft Active Directory Denial of Service Vulnerability (953235)
2011-01-18 00:00:00
cve
cve
CVE-2008-1445
2008-06-12 02:32:00
prion
prion
Cross site request forgery (csrf)
2008-06-12 02:32:00
cvelist
cvelist
CVE-2008-1445
2008-06-12 01:30:00
nvd
nvd
CVE-2008-1445
2008-06-12 02:32:00