
Policy:Win/ActiveDirectory.NetLogon.DoS!CVE-2011-0040

Severity rating: Important
Class/Type: Policy
Discovered date: 2011-02-08T00:00:00
Attack vector: Remote
Authentication required: No
Public exploits available: No
Signature detection: Medium







Description

A denial of service vulnerability exists in implementations of Microsoft Windows Active Directory due to improper validation of service principal names (SPNs), which could result in SPN collisions. When a collision occurs, services that use the affected SPN downgrade to NTLM if they are configured to negotiate. Services that are not configured to negotiate become unavailable, resulting in a denial of service condition.



Impact

An attacker who successfully exploited this vulnerability could cause the affected system to stop responding.



Technical details (analysis)

This is an authentication downgrade as well as a denial of service vulnerability. An attacker who exploited this vulnerability could cause the affected system to downgrade from Kerberos to NTLM and, in the worst case, cause the service to stop responding. Active Directory improperly processes specially crafted requests to update the service principal name (SPN), which can result in name collisions in the domain.
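
The collision condition described above can be audited from a directory export. The following is an added example, not part of the original advisory or any Microsoft tooling: it assumes an LDIF-style export with plain, unfolded `dn` and `servicePrincipalName` values, and the accounts and the `example.test` domain are constructed sample data.

```python
from collections import defaultdict

# Constructed LDIF-style export (hypothetical accounts in example.test).
SAMPLE_LDIF = """\
dn: CN=WEB01,OU=Servers,DC=example,DC=test
servicePrincipalName: HTTP/web01.example.test
servicePrincipalName: HOST/web01.example.test

dn: CN=svc-sql,OU=Service Accounts,DC=example,DC=test
servicePrincipalName: MSSQLSvc/db01.example.test:1433

dn: CN=jdoe-ws,OU=Workstations,DC=example,DC=test
servicePrincipalName: HOST/jdoe-ws.example.test
servicePrincipalName: http/WEB01.example.test
"""


def parse_spns(ldif_text):
    """Yield (dn, spn) pairs from records separated by blank lines."""
    dn = None
    for line in ldif_text.splitlines():
        if not line.strip():
            dn = None  # a blank line ends the current record
            continue
        # Split on the first colon only, so SPNs carrying a port stay intact.
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "dn":
            dn = value
        elif key == "serviceprincipalname" and dn:
            yield dn, value


def find_spn_collisions(ldif_text):
    """Return {normalized SPN: sorted DNs} for SPNs held by more than one account."""
    owners = defaultdict(set)
    for dn, spn in parse_spns(ldif_text):
        # SPNs are compared case-insensitively, so normalize before grouping.
        owners[spn.lower()].add(dn)
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}


if __name__ == "__main__":
    for spn, dns in find_spn_collisions(SAMPLE_LDIF).items():
        print(f"COLLISION {spn}")
        for dn in dns:
            print(f"  {dn}")
```

Any SPN reported here is registered on more than one account, which is the state in which Kerberos authentication to that service fails and clients either fall back to NTLM or lose access.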



Affected software

Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Policy:Win/ActiveDirectory.NetLogon.DoS!CVE-2011-0040
Release Date: 2011-02-08T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

No known work-arounds at this time.