It was discovered that MS Windows LDAP server did not properly validate user input data when it was received via a NULL byte-riddled pathname. If a user were to grant LDAP root access to a remote attacker, the attacker could leverage this vulnerability to execute arbitrary code on the system as a user with administrative privileges. This could enable the attacker to install programs, view data, or take any other action on the system as a user with administrative privileges. Microsoft Windows clients and servers are likely affected by this vulnerability. Red Hat Enterprise Linux and other Linux vendors have also released updates. Red Hat Enterprise Linux version 6 received a version 2 update and Red Hat Enterprise Linux version 5 received a version 3 update. Ubuntu 18.04 LTS and other Ubuntu-based distributions are likely also vulnerable.

Vulnerability overview

A vulnerability in a Microsoft Windows LDAP server has been discovered that could allow attackers to execute arbitrary code on the system as a user with administrative privileges. The vulnerability is caused by an improper validation of user input data. If a user were to grant LDAP root access to a remote attacker, the attacker could leverage this vulnerability to execute arbitrary code on the system as a user with administrative privileges. This could enable the attacker to install programs, view data, or take any other action on the system as a user with administrative privileges.

RCE via LDAP Vulnerability in Microsoft Windows Server

A remote code execution vulnerability was discovered in MS Windows LDAP server. Microsoft has released an advisory and software update that addresses this vulnerability.

Important update: CVE-2022-29128

If you are running Microsoft Windows, it is important for you to download the latest security update from Microsoft. If you are running a Linux distribution, it is important for you to download the latest updates from your vendor.

Timeline

Published on: 05/10/2022 21:15:00 UTC
Last modified on: 05/23/2022 17:29:00 UTC

References