Intrusion Prevention

Worm.Slammer

Description

This indicates an attempt by the SQL Slammer worm to exploit a buffer-overflow vulnerability in Microsoft SQL Server.
The vulnerability results from the the way that Microsoft SQL servers process input on the SQL Server Resolution Service on port 1434. By sending a specially crafted UDP packet, a remote attacker can execute arbitrary code on a vulnerable system. The SQL Slammer worm takes advantage of this to spread through local networks and the Internet. The worm first scans rapidly for vulnerable systems, and it is this scanning activity that has degraded service across the entire Internet.

Affected Products

MS SQL 2000 server.

Impact

System compromise: Remote code execution, worm infection

Recommended Actions

Apply the latest SQL Server patches from Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS02-039.mspx
Block external access to the Microsoft SQL service on port 1433 and 1434.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Detail
2022-03-03	20.269

ID	11743
Created	Mar 06, 2006
Updated	Mar 02, 2022
Risk
Default Action	drop
Active
Affected OS	Windows
Affected App	Other

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

Worm.Slammer

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Version Updates

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

Worm.Slammer

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Version Updates

Threat Intelligence
Center