Many, many, many SQL Server 7 & 2000 Buffer Overflows

From: c c (cesarc56@UOL.COM.AR)
Date: 03/12/02


Date:         Tue, 12 Mar 2002 13:33:45 -0300
From: c c <cesarc56@UOL.COM.AR>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Security Advisory

Name: Many, many, many SQL Server 7 & 2000 Buffer Overflows
System Affected: SQL Server 7 & 2000, all service packs and fixes.
Severity : High.
Remote Exploit: Yes
Author: Cesar Cerrudo.
Date: 03/12/2002
Advisory Number: CC030203

Description:
Well, people, it's the same old story. No words.
Are you still using extended stored procedures?

Details:
Extended stored procedures affected in SQL Server 7:
xp_repl_encrypt
xp_proxiedmetadata ---> Oops, this was already fixed
xp_oledbinfo
xp_dsninfo
xp_sqlinventory ---> Oops, this was already fixed

Extended stored procedures affected in SQL Server 2000:
xp_proxiedmetadata ---> Oops, this was already fixed
xp_mergelineages
xp_controlqueueservice
xp_createprivatequeue
xp_createqueue
xp_decodequeuecmd
xp_deleteprivatequeue
xp_deletequeue
xp_displayqueuemesgs
xp_oledbinfo
xp_readpkfromqueue
xp_readpkfromvarbin
xp_repl_encrypt
xp_resetqueue
xp_unpackcab

Workaround:
Drop the extended stored procedures and their DLLs.

What is better, a workaround or a Microsoft fix?

Vendor Status:
Microsoft was not contacted.

Special thanks to Aaron C. Newman for his contribution in tests.
And very special thanks to Microsoft spies for being so stupid.

For complete details and test results:
http://www.appsecinc.com/resources/alerts/mssql/02-0000.html

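The workaround above as T-SQL, added here as an example and not part of the original advisory: it reports which of the listed procedures are still registered in master and which DLL each one maps to, and drops them only when the flag is set. The temp table #advisory_xp and the @do_drop flag are names assumed for this example.

```sql
-- Added example (not from the advisory). Run in master as a sysadmin.
USE master
GO
SET NOCOUNT ON

-- Procedure names taken from the advisory's SQL Server 7 and 2000 lists.
CREATE TABLE #advisory_xp (name sysname NOT NULL)
INSERT #advisory_xp
SELECT 'xp_repl_encrypt'        UNION ALL SELECT 'xp_proxiedmetadata'    UNION ALL
SELECT 'xp_oledbinfo'           UNION ALL SELECT 'xp_dsninfo'            UNION ALL
SELECT 'xp_sqlinventory'        UNION ALL SELECT 'xp_mergelineages'      UNION ALL
SELECT 'xp_controlqueueservice' UNION ALL SELECT 'xp_createprivatequeue' UNION ALL
SELECT 'xp_createqueue'         UNION ALL SELECT 'xp_decodequeuecmd'     UNION ALL
SELECT 'xp_deleteprivatequeue'  UNION ALL SELECT 'xp_deletequeue'        UNION ALL
SELECT 'xp_displayqueuemesgs'   UNION ALL SELECT 'xp_readpkfromqueue'    UNION ALL
SELECT 'xp_readpkfromvarbin'    UNION ALL SELECT 'xp_resetqueue'         UNION ALL
SELECT 'xp_unpackcab'

-- Report: is each procedure registered, and which DLL implements it?
-- (For extended procedures, syscomments.text holds the DLL name.)
SELECT a.name,
       registered = CASE WHEN o.id IS NULL THEN 'no' ELSE 'yes' END,
       dll        = SUBSTRING(c.text, 1, 255)
FROM #advisory_xp a
LEFT JOIN dbo.sysobjects  o ON o.name = a.name AND o.xtype = 'X'
LEFT JOIN dbo.syscomments c ON c.id = o.id
ORDER BY a.name

DECLARE @do_drop bit, @xp sysname
SET @do_drop = 0          -- assumption of this example: set to 1 to drop

IF @do_drop = 1
BEGIN
    -- STATIC cursor: the name list is fixed before any row is dropped.
    DECLARE xp_cur CURSOR LOCAL STATIC FOR
        SELECT o.name FROM #advisory_xp a
        JOIN dbo.sysobjects o ON o.name = a.name AND o.xtype = 'X'
    OPEN xp_cur
    FETCH NEXT FROM xp_cur INTO @xp
    WHILE @@FETCH_STATUS = 0
    BEGIN
        EXEC sp_dropextendedproc @xp
        PRINT 'dropped ' + @xp
        FETCH NEXT FROM xp_cur INTO @xp
    END
    CLOSE xp_cur
    DEALLOCATE xp_cur
END

DROP TABLE #advisory_xp
```

Save the report output before dropping, since it records the DLL names needed for the second half of the workaround. Before deleting a DLL from disk, run sp_helpextendedproc to confirm that no remaining registered procedure still maps to it.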


