Info

Disclosure

Jul 24, 2002

Discovery

Unknown

Dates

Exploit

Jul 24, 2002

Solution

Unknown

Description

Microsoft SQL Server and Desktop Engine contain a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to the SQL Server Resolution Service not properly sanitizing remote user input. If an attacker sends a specially crafted request (byte set to 0x08 followed by long string and colon), they may be able to overflow a buffer to execute arbitrary code on the system.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Cisco Systems, Inc.	BBSM	5.0
		5.1
	CallManager	3.3.x
	Unity	3.x
		4.x

Microsoft Corporation	Desktop Engine (MSDE)	2000
Microsoft Corporation	SQL Server	2000

References

CVE ID: 2002-0649 (see also: NVD)
Microsoft Knowledge Base Article: 317748
CERT VU: 399260
Related OSVDB ID: 4578 878
Bugtraq ID: 5310
ISS X-Force ID: 9661
CERT: CA-2002-22 CA-2003-04
Keyword: DDOS.SQLP1434.A Sapphire Slammer SQL Slammer Worm UDP Port 1434 W32/SQLSlam-A W32/SQLSlammer
Generic Informational URL: http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html
Other Advisory URL: http://www.nextgenss.com/advisories/mssql-udp.txt
http://www.saintcorporation.com/cgi-bin/exploit_info/ms_sql_server_resolution_service
Generic Exploit URL: http://www.saintcorporation.com
Microsoft Security Bulletin: MS02-039 MS02-061

Credit

David Litchfield - mnemonixGLOBALNET.CO.UK - Personal Page

Direct URL: http://osvdb.org/4577

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

BBSM

CallManager

Unity

Microsoft Corporation

Desktop Engine (MSDE)

SQL Server

References

Credit