Microsoft KB Archive/318174

= Domain Controller Restarts When You Use an Invalid Object Identifier in an LDAP Search =

Article ID: 318174

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Service Pack 2
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q318174



SYMPTOMS
If you send a Lightweight Directory Access Protocol (LDAP) request that contains an invalid object identifier (OID) attribute, the domain controller may unexpectedly restart.

A malicious user with access to the network can use this vulnerability to cause a domain controller in that network to become unavailable to client requests by forcing it to restart.



CAUSE
When an invalid OID attribute (an OID that does not represent an existing attribute) is used to search for an object in Active Directory, an access violation (AV) occurs in Lsass.exe, and you receive the following message:

The system is shutting down. Please save all

work in progress and log off. Any unsaved

changes will be lost.

This shutdown was initiated by

NT AUTHORITY\SYSTEM

Time before shutdown

Message

The system process 'C:\WINNT\system32\lsass.exe' terminated

unexpectedly with status code of

-1073741819. The system will now shut

down and restart.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

The English-language version of this fix should have the following file attributes or later:   Date         Time   Version           Size     File name ---  30-Jan-2002  00:52  5.0.2195.4685     123,664  Adsldp.dll 30-Jan-2002 00:52  5.0.2195.4851     130,832  Adsldpc.dll 30-Jan-2002 00:52  5.0.2195.4016      62,736  Adsmsext.dll 30-Jan-2002 00:52  5.0.2195.4882     356,624  Advapi32.dll 30-Jan-2002 00:52  5.0.2195.4874     135,440  Dnsapi.dll 30-Jan-2002 00:52  5.0.2195.4874      95,504  Dnsrslvr.dll 14-Feb-2002 17:31  5.0.2195.4848     521,488  Instlsa5.dll 14-Feb-2002 17:24  5.0.2195.4894     145,680  Kdcsvc.dll 27-Nov-2001 00:33  5.0.2195.4680     199,440  Kerberos.dll 07-Feb-2002 19:35  5.0.2195.4914      71,024  Ksecdd.sys

16-Jan-2002 23:02  5.0.2195.4848     503,568  Lsasrv.dll 16-Jan-2002 23:02  5.0.2195.4848      33,552  Lsass.exe 08-Dec-2001 00:05  5.0.2195.4745     107,280  Msv1_0.dll 14-Feb-2002 17:24  5.0.2195.4917     306,960  Netapi32.dll 30-Jan-2002 00:52  5.0.2195.4874     359,184  Netlogon.dll 14-Feb-2002 17:24  5.0.2195.4939     916,240  Ntdsa.dll 30-Jan-2002 00:52  5.0.2195.4847     388,368  Samsrv.dll 30-Jan-2002 00:52  5.0.2195.4874     128,784  Scecli.dll 30-Jan-2002 00:52  5.0.2195.4878     299,792  Scesrv.dll 30-Jan-2002 00:52  5.0.2195.4600      48,400  W32time.dll 06-Nov-2001 19:43  5.0.2195.4600      56,592  W32tm.exe 14-Feb-2002 17:24  5.0.2195.4921     125,712  Wldap32.dll



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 3.



MORE INFORMATION
As noted in Request For Comment (RFC) 1779, the X.520 key in a Relative Distinguished Name (RDN) can be specified either by using standardized keywords (such as &quot;OU&quot; and &quot;CN&quot;) or as an OID for the attribute.

To specify the key as an OID, use the following syntax

OID.

where  is the object identifier of the attribute that you want to use as a naming attribute.

For example, the following base DN string

LDAP://OU=Test,DC= ,DC=

Can be represented as:

LDAP://OID.2.5.4.11=Test,DC= ,DC=

The OID for  is 2.5.4.11.

Additional query words: kbDirServices

Keywords: kberrmsg kbbug kbfix kbwin2000presp3fix kbwin2000sp3fix kbdirservices KB318174

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.