F-Secure
Tools
LSASS Recursive Stack Overflow Vulnerability
| Report ID: | SA200906003 |
| Source: | F-Secure |
| Date of Discovery: | 10.11.2009 |
| Criticality: | Urgent |
| Affects: | Microsoft Windows 2000 Server Service Pack 4 Windows XP Service Pack 2 and Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2* Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2* *Server Core installation affected. |
| Compromise From: | From remote |
| Compromise Type: | DoS |
Summary
A vulnerability has been reported in the Active Directory of the Windows 2000 Server, Windows XP, Windows Server 2003 and Windows Server 2008 operating systems. If the vulnerabily is exploited, it can result in a denial of service.
Detailed Description
This vulnerability only affects systems and domain controllers configured to run the Active Directory directory service, Active Directory Application Mode (ADAM) and Active Directory Lightweight Directory Service (AD LDS).
A denial of service can occur if stack space is exhausted during the execution of certain types of requests.
Solution
Apply patches.
Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=509aeec0-112b-44ab-8686-43f381b61940
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=87f2109e-5129-467c-930f-70af31ebf5de
Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=44cb9029-4b19-4bad-8fc9-3efe285adb0e
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=28f1c494-4e16-43b6-93d2-49e15f142ac9
Windows XP
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=cbe09780-f288-457a-b254-58c9c8744055
Windows XP x64 Edition
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b65ddf36-a02d-4aa2-9b4f-7416dbf59e2a
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=631cfd2e-aef6-4414-9682-fb99694f5eec
Windows Server 2003 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=040e691b-1ef0-4b73-bef7-a1d77b84b0ca
Windows 2000
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=297158cf-374c-45d9-b213-978e1f54d244
Windows Server 2008
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=701abf15-7f93-41de-8d09-13404fd79a7e
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=509aeec0-112b-44ab-8686-43f381b61940
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=87f2109e-5129-467c-930f-70af31ebf5de
Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=44cb9029-4b19-4bad-8fc9-3efe285adb0e
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=28f1c494-4e16-43b6-93d2-49e15f142ac9
Windows XP
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=cbe09780-f288-457a-b254-58c9c8744055
Windows XP x64 Edition
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b65ddf36-a02d-4aa2-9b4f-7416dbf59e2a
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=631cfd2e-aef6-4414-9682-fb99694f5eec
Windows Server 2003 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=040e691b-1ef0-4b73-bef7-a1d77b84b0ca
Windows 2000
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=297158cf-374c-45d9-b213-978e1f54d244
Windows Server 2008
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=701abf15-7f93-41de-8d09-13404fd79a7e
Original Reference
-