Domain Controller Restarts When You Use an Invalid Object Identifier in an LDAP Search (318174)



The information in this article applies to:

  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Server SP2
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Advanced Server SP2

This article was previously published under Q318174

SYMPTOMS

If you send a Lightweight Directory Access Protocol (LDAP) request that contains an invalid object identifier (OID) attribute, the domain controller may unexpectedly restart.

A malicious user with access to the network can use this vulnerability to cause a domain controller in that network to become unavailable to client requests by forcing it to restart.

CAUSE

When an invalid OID attribute (an OID that does not represent an existing attribute) is used to search for an object in Active Directory, an access violation (AV) occurs in Lsass.exe, and you receive the following message:
The system is shutting down. Please save all
work in progress and log off. Any unsaved
changes will be lost.
This shutdown was initiated by
NT AUTHORITY\SYSTEM

Time before shutdown time

Message
The system process 'C:\WINNT\system32\lsass.exe' terminated
unexpectedly with status code of
-1073741819. The system will now shut
down and restart.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

The English-language version of this fix should have the following file attributes or later:
   Date         Time   Version           Size     File name
   -----------------------------------------------------------
   30-Jan-2002  00:52  5.0.2195.4685     123,664  Adsldp.dll       
   30-Jan-2002  00:52  5.0.2195.4851     130,832  Adsldpc.dll      
   30-Jan-2002  00:52  5.0.2195.4016      62,736  Adsmsext.dll     
   30-Jan-2002  00:52  5.0.2195.4882     356,624  Advapi32.dll     
   30-Jan-2002  00:52  5.0.2195.4874     135,440  Dnsapi.dll       
   30-Jan-2002  00:52  5.0.2195.4874      95,504  Dnsrslvr.dll     
   14-Feb-2002  17:31  5.0.2195.4848     521,488  Instlsa5.dll     
   14-Feb-2002  17:24  5.0.2195.4894     145,680  Kdcsvc.dll       
   27-Nov-2001  00:33  5.0.2195.4680     199,440  Kerberos.dll     
   07-Feb-2002  19:35  5.0.2195.4914      71,024  Ksecdd.sys
   16-Jan-2002  23:02  5.0.2195.4848     503,568  Lsasrv.dll       
   16-Jan-2002  23:02  5.0.2195.4848      33,552  Lsass.exe        
   08-Dec-2001  00:05  5.0.2195.4745     107,280  Msv1_0.dll       
   14-Feb-2002  17:24  5.0.2195.4917     306,960  Netapi32.dll     
   30-Jan-2002  00:52  5.0.2195.4874     359,184  Netlogon.dll     
   14-Feb-2002  17:24  5.0.2195.4939     916,240  Ntdsa.dll        
   30-Jan-2002  00:52  5.0.2195.4847     388,368  Samsrv.dll       
   30-Jan-2002  00:52  5.0.2195.4874     128,784  Scecli.dll       
   30-Jan-2002  00:52  5.0.2195.4878     299,792  Scesrv.dll       
   30-Jan-2002  00:52  5.0.2195.4600      48,400  W32time.dll      
   06-Nov-2001  19:43  5.0.2195.4600      56,592  W32tm.exe        
   14-Feb-2002  17:24  5.0.2195.4921     125,712  Wldap32.dll      
				

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.

MORE INFORMATION

As noted in Request for Comments (RFC) 1779, the X.520 key in a Relative Distinguished Name (RDN) can be specified either by using standardized keywords (such as "OU" and "CN") or as an OID for the attribute.

To specify the key as an OID, use the following syntax

OID.identifier

where identifier is the object identifier of the attribute that you want to use as a naming attribute.

For example, the following base DN string

LDAP://OU=Test,DC=example,DC=com

can be represented as:

LDAP://OID.2.5.4.11=Test,DC=example,DC=com

The OID for Organizational Unit Name is 2.5.4.11.
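
The OID-keyed form described above can be resolved and checked before a DN reaches the directory, for example in an application that fronts LDAP or when reviewing query logs. The following Python is an added example, not code from Microsoft or from this article; the name classify_dn, the small KNOWN_OIDS table, and the sample DNs are assumptions, and it handles only simple DNs without quoted values or multi-valued RDNs.

```python
import re

# Subset of standard attribute-type OIDs; a real deployment would load the
# full list from the directory schema (this table is an assumption).
KNOWN_OIDS = {
    "2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L", "2.5.4.8": "ST",
    "2.5.4.10": "O", "2.5.4.11": "OU",
    "0.9.2342.19200300.100.1.25": "DC",
}
OID_KEY = re.compile(r"^OID\.(\d+(?:\.\d+)+)$", re.IGNORECASE)
KEYWORD = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def classify_dn(dn):
    """Return (normalized_dn, problems) for a simple DN or LDAP:// base DN.

    OID.<identifier> keys that map to a known attribute are rewritten to the
    keyword form; unknown or malformed keys are reported, not rewritten.
    """
    if dn.upper().startswith("LDAP://"):
        dn = dn[len("LDAP://"):]
    rdns, problems = [], []
    # Split on separators that are not backslash-escaped.
    for rdn in re.split(r"(?<!\\)[,;]", dn):
        key, sep, value = (part.strip() for part in rdn.partition("="))
        if not sep:
            problems.append(f"malformed RDN: {rdn.strip()!r}")
            rdns.append(rdn.strip())
            continue
        oid = OID_KEY.match(key)
        if oid:
            name = KNOWN_OIDS.get(oid.group(1))
            if name is None:
                problems.append(f"unknown attribute OID: {oid.group(1)}")
            else:
                key = name
        elif not KEYWORD.match(key):
            problems.append(f"malformed key: {key!r}")
        rdns.append(f"{key}={value}")
    return ",".join(rdns), problems


if __name__ == "__main__":
    # Constructed sample DNs; 1.3.9999.1 is a made-up placeholder OID.
    for sample in ("LDAP://OID.2.5.4.11=Test,DC=example,DC=com",
                   "OID.1.3.9999.1=Test,DC=example,DC=com"):
        print(classify_dn(sample))
```

A non-empty problems list marks a DN whose key does not resolve to a known attribute, which a caller can reject or log instead of passing it to a directory server.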

Modification Type: Minor
Last Reviewed: 10/13/2004
Keywords: kbbug kbDirServices kberrmsg kbfix kbWin2000PreSP3Fix kbWin2000sp3fix KB318174