Re: MS SQL Server Worm?

From: Ivan Mason (ivan@OTAGO.AC.NZ)
Date: 01/25/03

    Date:         Sun, 26 Jan 2003 04:04:47 +1300
    From: Ivan Mason <ivan@OTAGO.AC.NZ>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Russ,

    I have noted that two of the postings that you have allowed through to the
    list allude that this 'worm vulnerability' affects pre SQL2K SP2?

    Marc Maiffret [marc@EEYE.COM],
    "Systems Affected: Microsoft SQL Server 2000 pre SP 2"
    (Good analysis of the payload, all the same...)

    Ben Koshy [ben@W3MEDIA.NET],
    "Those SQL Servers running Service Pack 2 or Service Pack 3 (released Jan 17
    with little/no notice from MS!) were immune to the worm."

    I would just like to say again that: "We believe that MS SQL Server 2000 SP2
    without the post SP2 security rollups would be vulnerable to this attack"

    We have tested Q323875 and it does stop the 'worm vulnerability'.

    Can we seek clarification regarding this: Is SQL2K with only SP2 safe?

    It's getting to be a rather long night...
    Regards Ivie..... :-)
