| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: Post SP4 report of bug fixed in SP4 |
From: Chris Robinson

That sounds a bit dodgy (OK, very dodgy!) - and not too difficult to do by the sounds of it - I wonder if anyone's servers got taken down by this method? (even if they did, there was nothing they could do about it for a month!).

Chris.

"Geo." wrote:

> that didn't take long... They only sat on this one for a month.
> Geo.
> -----------------
> The vulnerability can be triggered when an LDAP version 3 search request
> with more than 1000 "AND" statements is sent to the server, resulting in a
> stack overflow and subsequent crash of the Lsaas.exe service.
> This in turn, will force a domain controller to stop responding, thus
> making possible a denial of service attack against it. The LDAP request
> does not need to be authenticated.
> The possibility of exploiting this vulnerability to execute arbitrary code
> on a vulnerable server has not been proved but is not discarded.

--- BBBS/NT v4.01 Flag-4
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270
@PATH: 379/45 1 633/267
| SOURCE: echomail via fidonet.ozzmosis.com | |
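The condition in the quoted advisory text (an LDAP v3 search request carrying more than 1000 "AND" statements) can be checked on captured request bytes by walking the BER-encoded filter. This is an added example, not part of the original message or the advisory; the function names, the constructed sample request and the use of Python are assumptions.

```python
AND, OR, NOT = 0xA0, 0xA1, 0xA2   # RFC 2251 Filter CHOICE tags (and, or, not)
SEARCH_REQUEST = 0x63              # [APPLICATION 3] SearchRequest
AND_LIMIT = 1000                   # threshold quoted in the advisory text

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                          # long form: next n bytes hold the length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length runs past buffer")
    return tag, pos, pos + length

def count_and_terms(msg, limit=AND_LIMIT):
    """Count AND elements in a SearchRequest filter, stopping once past limit."""
    _, pos, _ = read_tlv(msg, 0)                # LDAPMessage SEQUENCE
    _, _, pos = read_tlv(msg, pos)              # skip messageID
    tag, pos, _ = read_tlv(msg, pos)            # protocolOp
    if tag != SEARCH_REQUEST:
        return 0
    for _ in range(6):                          # skip baseObject .. typesOnly
        _, _, pos = read_tlv(msg, pos)
    work, count = [(pos, read_tlv(msg, pos)[2])], 0
    while work:                                 # explicit work list, no recursion
        pos, end = work.pop()
        while pos < end:
            tag, vstart, vend = read_tlv(msg, pos)
            if tag == AND:
                count += 1
                if count > limit:
                    return count
            if tag in (AND, OR, NOT):
                work.append((vstart, vend))
            pos = vend
    return count

def tlv(tag, value):                            # encoder for the sample (short lengths only)
    return bytes([tag, len(value)]) + value

def sample_search():
    """Constructed request with filter (&(&(objectClass=*))(|(&(cn=*)))): 3 ANDs."""
    filt = tlv(AND, tlv(AND, tlv(0x87, b"objectClass")) + tlv(OR, tlv(AND, tlv(0x87, b"cn"))))
    hdr = tlv(4, b"") + tlv(10, b"\x02") + tlv(10, b"\x00") + tlv(2, b"\x00") * 2 + tlv(1, b"\x00")
    return tlv(0x30, tlv(2, b"\x01") + tlv(SEARCH_REQUEST, hdr + filt + tlv(0x30, b"")))
```

A request is worth flagging when `count_and_terms(msg) > AND_LIMIT`; a `ValueError` means the bytes were not a well-formed BER message.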