CVE-2009-3675

LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:C

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://www.us-cert.gov/cas/techalerts/TA09-342A.html	US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-069
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6639

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_2000:sp4:::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server:-:sp2:itanium:::::*
	cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_xp::sp2:x64:::::
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
	cpe:2.3:o:microsoft:windows_xp:-:::::::*

History

No history.

Information

Published : 2009-12-09 18:30

Updated : 2024-02-28 11:21

NVD link : CVE-2009-3675

Mitre link : CVE-2009-3675

CVE.ORG link : CVE-2009-3675

JSON object : View

Products Affected

microsoft

windows_xp
windows_2000
windows_2003_server

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2009-3675", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-12-09T18:30:00.500", "references": [{"url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-069", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6639", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka \"Local Security Authority Subsystem Service Resource Exhaustion Vulnerability.\""}, {"lang": "es", "value": "LSASS.exe en Local Security Authority Subsystem Service (LSASS) en Microsoft Windows 2000 SP4, XP SP2 y SP3 y Server 2003 SP2 permite a atacantes remotos autenticados provocar una denegaci\u00f3n de servicio (consumo de CPU) mediante una petici\u00f3n ISAKMP sobre IPsec malformada. Tambi\u00e9n conocido como \"Vulnerabilidad de consumo de recuersos Local Security Authority Subsystem Service\"."}], "lastModified": "2018-10-30T16:25:57.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_2000:sp4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11AFB73A-1C61-40F1-8415-E4D40BB2699B"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:itanium:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0D88E59-0DDC-4AE0-83B8-0C9DADAB2733"}, {"criteria": "cpe:2.3:o:microsoft:windows_2003_server:-:sp2:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D5F7729-A095-43DF-BF2F-B4B6938087FA"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57ECAAA8-8709-4AC7-9CE7-49A8040C04D3"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656"}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B47EBFCC-1828-45AB-BC6D-FB980929A81A"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}