Intrusion Prevention

MS.SQL.Server.Resolution.Service.Stack.Overflow

Description

This indicates an attempt to exploit a stack overflow vulnerability in Microsoft SQL Server Resolution Service.
There is a flaw in some versions of Microsoft SQL Server that may allow a remote attacker to cause a Denial-of-Service or even execute arbitrary code on a target machine by passing it a specially-crafted packet. The SQL Slammer worm takes advantage of this vulnerability to attack Microsoft SQL servers.

Affected Products

Any unprotected MS SQL 2000 server is vulnerable to the attack.

Impact

Attackers can execute arbitrary code or cause a denial of service on the victim system.

Recommended Actions

Apply the Microsoft patch available at http://www.microsoft.com/technet/security/bulletin/ms02-039.mspx.
Block external access to the MS SQL service on ports 1433 and 1434.
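
One way to confirm that the block is effective, as an added example that is not part of the original advisory: the script scans firewall flow records for allowed connections from outside the organisation to ports 1433 and 1434. The record format, the internal address ranges, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

SQL_PORTS = {1433, 1434}  # ports named in the recommended actions
# Assumption: ranges treated as internal; adjust to the real network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: "action proto src_ip:src_port dst_ip:dst_port"
SAMPLE_LOG = """\
ALLOW udp 203.0.113.7:40211 10.1.2.20:1434
DENY udp 198.51.100.9:1025 10.1.2.20:1434
ALLOW tcp 10.1.5.14:51022 10.1.2.20:1433
ALLOW tcp 203.0.113.50:50100 10.1.2.20:443
ALLOW tcp 192.0.2.33:49888 10.1.2.21:1433
truncated record
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def parse_record(line):
    """Return (action, proto, src_ip, dst_ip, dst_port), or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    action, proto, src, dst = parts
    try:
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        dst_host, dst_port = dst.rsplit(":", 1)
        return (action.upper(), proto.lower(), src_ip,
                ipaddress.ip_address(dst_host), int(dst_port))
    except ValueError:
        return None

def exposed_sql_flows(log_text):
    """List allowed flows from external sources to the SQL Server ports."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        action, proto, src_ip, dst_ip, dst_port = rec
        if action == "ALLOW" and dst_port in SQL_PORTS and not is_internal(src_ip):
            findings.append((str(src_ip), str(dst_ip), proto, dst_port))
    return findings

if __name__ == "__main__":
    for finding in exposed_sql_flows(SAMPLE_LOG):
        print("external access allowed: %s -> %s %s/%d" % finding)
```

Any finding means a perimeter rule still permits outside hosts to reach the SQL Server ports and should be tightened.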

CVE References

CVE-2002-0649
