Active Directory DoS

Active Directory, which is an essential component of the Windows 2000 architecture, presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security. The directory services provided by Active Directory are based on the Lightweight Directory Access Protocol (LDAP) and thus Active Directory objects can be stored and retrieved using the LDAP protocol. A vulnerability in Active Directory allows an attacker to crash and force a reboot of any Windows 2000 Server running the Active Directory service. The vulnerability can be triggered when an LDAP version 3 search request with more than 1000 "AND" statements is sent to the server, resulting in a stack overflow and subsequent crash of the Lsaas.exe service. This in turn, will force a domain controller to stop responding, thus making possible a denial of service attack against it. The LDAP request does not need to be authenticated. The possibility of exploiting this vulnerability to execute arbitrary code on a vulnerable server has not been proved but is not discarded.