Active Directory DoS v1.7
Vulnerability exploited: CAN-2003-0507 - BID-7930
Category: Denial of Service/Remote
This module restarts a Windows 2000 machine running an Active Directory server.

Active Directory, an essential component of the Windows 2000 architecture, presents organizations with a directory service designed for distributed computing environments. It allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security.

The directory services provided by Active Directory are based on the Lightweight Directory Access Protocol (LDAP), so Active Directory objects can be stored and retrieved using the LDAP protocol.

A vulnerability in Active Directory allows an attacker to crash and force a reboot of any Windows 2000 Server running the Active Directory service. The vulnerability can be triggered when an LDAP version 3 search request with more than 1000 "AND" statements is sent to the server, resulting in a stack overflow and subsequent crash of the Lsass.exe service. This, in turn, forces a domain controller to stop responding, making a denial of service attack against it possible. The LDAP request does not need to be authenticated.

The possibility of exploiting this vulnerability to execute arbitrary code on a vulnerable server has not been proven, but it has not been ruled out.
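A defender-side check for the condition described above, as an added example that is not part of CORE IMPACT or the original page: it counts AND operators and nesting depth in an LDAP search filter given in RFC 4515 string form, in a single pass without recursion. It assumes filters are available as text (for example from a decoding proxy or a query log); the names scan_filter and is_suspicious and the sample filters are constructed for illustration.

```python
from dataclasses import dataclass

AND_LIMIT = 1000  # threshold taken from the module description above


@dataclass
class FilterStats:
    and_count: int   # number of "(&" components seen
    max_depth: int   # deepest parenthesis nesting reached
    balanced: bool   # False if parentheses do not pair up


def scan_filter(text: str) -> FilterStats:
    """Single pass over an RFC 4515 string filter, no recursion.

    Literal parentheses inside values are escaped as \\28 and \\29 in this
    syntax, so every raw '(' opens a filter component.
    """
    depth = max_depth = and_count = 0
    balanced = True
    for i, ch in enumerate(text):
        if ch == "(":
            depth += 1
            max_depth = max(max_depth, depth)
            if text[i + 1:i + 2] == "&":
                and_count += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:          # close without a matching open
                balanced = False
                depth = 0
    return FilterStats(and_count, max_depth, balanced and depth == 0)


def is_suspicious(text: str, and_limit: int = AND_LIMIT) -> bool:
    """Flag filters that are malformed or exceed the AND threshold."""
    stats = scan_filter(text)
    return (not stats.balanced) or stats.and_count > and_limit


# Constructed sample filters (not captured traffic).
SAMPLES = [
    "(&(objectClass=user)(sAMAccountName=jdoe))",
    "(&(&(&(&(cn=a)(cn=b))(cn=c))(cn=d))(cn=e))",
    "(&(cn=a\\28b\\29)(mail=*)",   # unbalanced: one ')' missing
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(scan_filter(s), is_suspicious(s, and_limit=3))
```

The samples are run with a lowered limit of 3 so the threshold logic is visible on short inputs; the default of 1000 matches the figure in the description.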
Supported Systems:
Windows 2000 Server - sp0 (i386)
Windows 2000 Server - sp1 (i386)
Windows 2000 Server - sp2 (i386)
Windows 2000 Server - sp3 (i386)
Windows 2000 Server - sp4 (i386)
Windows 2000 Advanced Server - sp0 (i386)
Windows 2000 Advanced Server - sp1 (i386)
Windows 2000 Advanced Server - sp2 (i386)
Windows 2000 Advanced Server - sp3 (i386)
Windows 2000 Advanced Server - sp4 (i386)
This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.