{"vuid":"VU#639428","idnumber":"639428","name":"Microsoft Windows 2000 LSASS fails to properly handle certain LDAP messages","keywords":["Microsoft","Windows 2000","Local Security Authority Subsystem Service","LSASS","Lightweight Directory Access Protocol","LDAP message","Q835732","MS04-011"],"overview":"A vulnerability exists in the Lightweight Directory Access Protocol (LDAP) message processing of the Windows 2000 domain controller. An attacker may be able to cause a denial-of-service condition to the vulnerable Active Directory domain.","clean_desc":"A vulnerability exists in the processing of Lightweight Directory Access Protocol (LDAP) messages by the Windows 2000 domain controller. An attacker may be able send a crafted LDAP message to the vulnerable system and stop the authentication service for the Active Directory domain to stop.","impact":"A remote attacker may be able to stop the authentication service, causing a denial-of-service condition for the Active Directory domain.","resolution":"Apply a patch from the vendor Microsoft Security Bulletin MS04-011 contains patch information to resolve this issue.","workarounds":"","sysaffected":"","thanks":"Thanks to Microsoft for reporting this vulnerability.","author":"This document was written by Jason A Rafail.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","4","-","0","1","1",".","m","s","p","x"],"cveids":["CVE-2003-0663"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-04-13T18:53:43Z","publicdate":"2004-04-13T00:00:00Z","datefirstpublished":"2004-04-14T01:55:43Z","dateupdated":"2004-04-14T01:56:32Z","revision":2,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"15","cam_population":"13","cam_impact":"3","cam_easeofexploitation":"15","cam_attackeraccessrequired":"15","cam_scorecurrent":"4.9359375","cam_scorecurrentwidelyknown":"5.75859375","cam_scorecurrentwidelyknownexploited":"9.04921875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.9359375,"vulnote":null}