MSSQL HEllo bug
From: Dave Aitel (dave@IMMUNITYSEC.COM)
Date: Thu, 3 Oct 2002 12:18:36 -0400
From: Dave Aitel <dave@IMMUNITYSEC.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

People in Immunity's Vulnerability Disclosure Club or people who have
purchased CORE Impact or people who have written their own SQL Server
Hello exploit can verify that this statement from the Microsoft Advisory
is, in fact, completely untrue.

The default install, in fact, every install I've run into, gives you
LOCAL/SYSTEM. LOCAL/SYSTEM usually has significant privileges.

"Unchecked buffer in SQL Server 2000 authentication function

What's the scope of this vulnerability?

This is a buffer overrun vulnerability. By sending a specially malformed
login request to an affected server, an attacker could either cause the
SQL Server service to fail or gain control over the database. It would
not be necessary for the user to successfully authenticate to the server
in order to exploit the vulnerability.

This vulnerability only affects SQL Server 2000 and MSDE 2000. Although
the vulnerability would provide a way to gain control over the database,
it would not, under default conditions, grant the attacker significant
privileges at the operating system level."