MS.SQL.Server.Buffer.Overflow

Description

It indicates a possible exploit of buffer overflow vulnerability in the authentication function of Microsoft SQL server 2000 and MSDE 2000.

Microsoft SQl server is one of the popular database server widely used. A buffer overflow vulnerability is reported in the authentication function of these servers that may allow an attacker to execute arbitrary code on the system with privilege of SQL server service by sending malformed hello request on TCP port 1433. For exploiting this vulnerability, an attacker may not require SQL server authentication credential because the vulnerability exist in the preliminary exchange before the actual authentication. An attacker may bring the sql server down by over writing the server service memory or may gain control of sql server by carefully forming the request to change the course of execution. A patch is available for the vulnerability in the Microsoft web site.

Affected Products

Microsoft SQL Server 2000, 2000 SP1, 2000 SP2, and Microsoft Data Engine 2000

Impact

Gain control of SQL server and compromise of database.

Recommended Actions

Apply security patch to the system as given in the Microsoft Security Bulletin MS02-056 at http://www.microsoft.com/technet/security/bulletin/ms02-056.mspx.