SQL Server 7.0 Denial of Service vulnerability

  • This was posted on the BugTraq security mailing list and has made a Secunia vulnerability announcement. Here is the announcement:

    TITLE:
    Microsoft SQL Server Denial of Service Vulnerability

    SECUNIA ADVISORY ID:
    SA12680

    VERIFY ADVISORY:
    http://secunia.com/advisories/12680/

    CRITICAL:
    Less critical

    IMPACT:
    DoS

    WHERE:
    From local network

    SOFTWARE:
    Microsoft SQL Server 7
    http://secunia.com/product/8/

    DESCRIPTION:
    securma massine has reported a vulnerability in Microsoft SQL Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

    The vulnerability is caused due to an error when processing incoming requests and can be exploited via a specially crafted request containing 700,000 bytes of data.

    Successful exploitation crashes the service.

    The vulnerability has been reported in version 7.0 up to and including Service Pack 3.

    SOLUTION:
    Restrict access to the database services.

    PROVIDED AND/OR DISCOVERED BY:
    securma massine

    K. Brian Kelley
    @kbriankelley

  • Many thanks for the informational post. I've actually for a couple of V7.0 servers due to an application requirement).

    Regards
    Rudy Komacsar
    Senior Database Administrator
    "Ave Caesar! - Morituri te salutamus."

  • Quite a few shops still do. There's been no announced word from Microsoft on this one, so we'll just have to keep our eyes open.

    K. Brian Kelley
    @kbriankelley
