Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-182: Vulnerability in Active Directory

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-182: Vulnerability in Active Directory
# 1  
Old 02-13-2008
S-182: Vulnerability in Active Directory
A denial of service vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 and Windows Server 2003. The risk is LOW. The vulnerability also exists in implementations of Active Directory Application Mode (ADAM) when installed on Windows XP and Windows Server 2003. The vulnerability is due to improper validation of specially crafted LDAP requests. An attacker who successfully exploited this vulnerability could cause the computer to stop responding and automatically restart.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Active Directory OR LDAP

Hi, How can we check users added through LDAP or AD. Users added through a group of AD or LDAP group. (2 Replies)
Discussion started by: Nishit
2 Replies

2. UNIX for Advanced & Expert Users

Active Directory with 6.1

Is there anyone who is utilizing Active Directory (2008R2) for AIX user account management? If yes or if AD is possible with AIX systems, can you please share what to be done to get there? Please advise. (1 Reply)
Discussion started by: Daniel Gate
1 Replies

3. Solaris

active directory equivalent for unix

At the moment we are integrating LDAP in our environment. Compared to Windows this process is much complicated and time consuming. With Windows you had Active Directory and if you create a new server, you just add it to the domain and your finished. Yes, I know Unix is not Windows. Are there... (1 Reply)
Discussion started by: misterx12345
1 Replies

4. Red Hat

ldap and active directory

Hi Friends, I need your help to get some solution of one of my problem. Ours is a mixed domain. Most of the servers are windows and very little linux servers. We are using the MS AD for authentication. My problem is, I want to authenticate linux servers against AD. I donot want to use any... (1 Reply)
Discussion started by: arumon
1 Replies

5. HP-UX

HP-UX authenticating to Active Directory

Hey, I've asked questions about this project here before and gotten lots of help so I figured I'd give it another try. I've recently set up my HP-UX environment to authenticate to a Windows Active Directory server (Windows Server 2003 R2). I setup an account on Active Directory which works... (2 Replies)
Discussion started by: Rike255
2 Replies

6. UNIX for Dummies Questions & Answers

setup active directory

i would like to ask about unix with active directory..actually my situation is at ny place there already have dns server in unix based,i want to implement an active directory to the network..from what i read about active directory we have to used bind dns...some say that bind could not handle in... (1 Reply)
Discussion started by: nour
1 Replies

7. UNIX for Dummies Questions & Answers

Active Directory and UNIX

Hello - I have a very vague question, which will probably result in vague answers because I don't have a lot of detailed information and I don't know a whole lot about active directory. Our Windows/NT admin has been rolling out Active Directory over the past several weeks and as time goes on,... (1 Reply)
Discussion started by: rm -r *
1 Replies

8. Windows & DOS: Issues & Discussions

unix and active directory

Hi Does anybody know the steps and requirements of the installation process of Windows Active Directory using Unix/Linux Bind DNS. I will appreciate if somebody gives the answer. (1 Reply)
Discussion started by: Darwin Rodrigue
1 Replies
Login or Register to Ask a Question

LEARN ABOUT OPENSOLARIS

smb

smb(4)								   File Formats 							    smb(4)

NAME

       smb - configuration properties for Solaris CIFS server

DESCRIPTION

       Behavior of the Solaris CIFS server is defined by property values that are stored in the Service Management Facility, smf(5).

       An authorized user can use the sharectl(1M) command to set global values for these properties in SMF.

       The following list describes the properties:

       ads_site

	   Specifies the site configured in DNS to look up Active Directory information. An Active Directory site is the local Active Directory NT
	   domain name that has a different subnet controlling the Active Directory server.

	   The value should not be set if you do not have a local Active Directory site or if the same subnet is used by the local  Active  Direc-
	   tory NT domain. By default, no value is set.

       autohome_map

	   Specifies the full path for the autohome map file, smb_autohome.map. The default path is /etc.

       ddns_enable

	   Enables  or	disables dynamic DNS updates. A value of true enables dynamic updates, while a value of false disables dynamic updates. By
	   default, the value is false.

       keep_alive

	   Specifies the number of seconds before an idle SMB connection is dropped by the Solaris CIFS server. If set to 0, idle connections  are
	   not dropped. Valid values are 0 and from 20 seconds and above. The default value is 5400 seconds.

       lmauth_level

	   Specifies  the  LAN	Manager  (LM)  authentication level. The LM compatibility level controls the type of user authentication to use in
	   workgroup mode or domain mode. The default value is 3.

	   The following describes the behavior at each level.

	   2		In Windows workgroup mode, the Solaris CIFS server accepts LM, NTLM, LMv2, and NTLMv2 responses. In NT	domain	mode,  the
			SMB redirector on the Solaris CIFS server sends NTLM responses.

	   3		In  Windows  workgroup	mode, the Solaris CIFS server accepts LM, NTLM, LMv2, and NTLMv2 responses. In NT domain mode, the
			SMB redirector on the Solaris CIFS server sends LMv2 and NTLMv2 responses.

	   4		In Windows workgroup mode, the Solaris CIFS server accepts NTLM, LMv2, and NTLMv2 responses. In NT domain  mode,  the  SMB
			redirector on the Solaris CIFS server sends LMv2 and NTLMv2 responses.

	   5		In  Windows workgroup mode, the Solaris CIFS server accepts LMv2 and NTLMv2 responses. In NT domain mode, the SMB redirec-
			tor on the Solaris CIFS server sends LMv2 and NTLMv2 responses.

       netbios_scope

	   Specifies the NetBIOS scope identifier, which identifies logical NetBIOS networks that are on the same physical network. When you spec-
	   ify	a  NetBIOS scope identifier, the server is only able to communicate with other systems that have the same scope defined. The value
	   is a text string that represents a domain name and is limited to 16 characters. By default, no value is set.

	   Most environments do not require the use of the NetBIOS scope feature. If you must use this feature, ensure that you  track	the  scope
	   identifier assigned to each node.

       oplock_enable

	   Enables  or disables opportunistic lock (oplock) support on the Solaris CIFS server. A Solaris CIFS server grants an oplock to a client
	   process so that the client can cache data for while the lock is in place. When the server revokes the oplock, the  client  flushes  its
	   cached data to the server.

	   A value of true enables oplock support, while a value of false disables oplock support. The default value is true.

	   Oplocks  can  typically  be left enabled to obtain the performance benefits of client-side caching. In some circumstances, such as with
	   some database applications, the application vendor might recommend that client-side caching be disabled to ensure that transactions are
	   always committed immediately to the server.

       pdc

	   Specifies  the  preferred  IP  address  for	the domain controller. This property is sometimes used when there are multiple domain con-
	   trollers to indicate which one is preferred. If the specified domain controller responds, it is chosen even if the  other  domain  con-
	   trollers are also available. By default, no value is set.

       restrict_anonymous

	   Disables  anonymous	access	to  IPC$, which requires that the client be authenticated to get access to MS-RPC services through IPC$. A
	   value of true enables anonymous access to IPC$, while a value of false disables this anonymous access. The default value is false.

       system_comment

	   Specifies an optional description for the system, which is a text string. This property value might appear in various places,  such	as
	   Network Neighborhood or Network Places on Windows clients. By default, no value is set.

       wins_exclude

	   Specifies  a comma-separated list of network interfaces that should not be registered with WINS. NetBIOS host announcements are made on
	   excluded interfaces.

       wins_server_1

	   Specifies the IP address of the primary WINS server. By default, no value is set.

       wins_server_2

	   Specifies the IP address of the secondary WINS server. By default, no value is set.

ATTRIBUTES

       See the attributes(5) man page for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWsmbsu 		   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Uncommitted		   |
       +-----------------------------+-----------------------------+

SEE ALSO

       sharectl(1M), smbadm(1M), smbd(1M), smbstat(1M), attributes(5), smf(5)

SunOS 5.11							    17 Nov 2008 							    smb(4)