|Check Point Reference:||CPAI-2008-030|
|Date Published:||5 Feb 2008|
|Last Updated:||23 Aug 2016|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||Lightweight Directory Access Protocol (LDAP) is Internet standard protocol designed for querying and modifying directory services. A vulnerability was discovered in Microsoft Active Directory that enables an attacker to cause a Denial-of-Service (DoS) condition.|
This protection will detect and block specially crafted LDAP requests that can potentially cause the DoS.A monitor-only mode makes it possible to track unauthorized traffic without blocking it.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: LDAP Protection Violation.
Attack Information: Microsoft Active Directory LDAP query handling denial of service (MS08-003)