PT-2011-2037 · Microsoft · Windows Server 2003 Sp2+1

Published

2011-02-09

Updated

2018-10-12

CVE-2011-0040

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Windows Server 2003 SP2

Description The issue arises from the server in Microsoft Active Directory not properly handling an update request for a service principal name (SPN), allowing remote attackers to cause a denial of service, such as authentication downgrade or outage. This is achieved through a crafted request that triggers name collisions.

Recommendations For Windows Server 2003 SP2, apply the necessary patch to resolve the Active Directory SPN validation issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2011-0040

Affected Products

Active Directory

Windows Server 2003 Sp2

PT-2011-2037 · Microsoft · Windows Server 2003 Sp2+1

CVE-2011-0040

Weakness Enumeration

Related Identifiers

Affected Products

References · 9