[VulnWatch] Microsoft SQL Server DoS

From: _at_stake Advisories (_at_stake)
Date: 07/23/03

  • Next message: Thor Larholm: "Re: [VulnWatch] Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !"
    Date: Wed, 23 Jul 2003 17:08:49 -0400
    To: vulnwatch@vulnwatch.org
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

                                 @stake Inc.
                               www.atstake.com

                              Security Advisory

     
    Advisory Name: Microsoft SQL Server DoS
     Release Date: 07/23/2003
      Application: Microsoft SQL Server 7, 2000, MSDE
         Platform: Windows NT/2000/XP
         Severity: Denial of Service
           Author: Andreas Junestam (andreas@atstake.com)
    Vendor Status: Microsoft has patch available
    CVE Candidate: CAN-2003-0231
        Reference: www.atstake.com/research/advisories/2003/a072303-2.txt

    Overview

    Microsoft SQL Server supports named pipes as one way of communicating
    with the server. This named pipe allows any user to connect and send
    data to it. By sending a large request, an attacker can render the
    service unresponsive. Under some circumstances, the host has to be
    restarted to recover from this situation.

    Detailed Description

    Microsoft SQL Server supports SQL queries over a named pipe. This
    pipe allows write access to the group "Everyone" and is therefor
    accessible to anyone that can authenticate, local or remote. By
    sending a large request to this pipe (size depends on service pack
    level), the service can be rendered unresponsive. The behavior of
    the service depends upon the service pack level.

    SQL Server 2000 pre-SP3:
    The SQL Server service crashes. A restart of the service recovers
    from the situation.

    SQL Server 2000 SP3:
    The SQL Server service appears to be functioning normal (no abnormal
    CPU or memory usage), but it is unresponsive to any type of
    requests. It is also impossible to stop the service and the only way
    to recover from the situation is to restart the host.

    As with most SQL Server issues MSDE is effected. MSDE is
    included in many Microsoft and non-Microsoft products. A list
    of products that includes MSDE is here:

    http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=10&tabid=13

    Vendor Response

    Microsoft was contacted on 01/28/2003

    Vendor has a bulletin and a patch available:

    http://www.microsoft.com/technet/security/bulletin/MS03-031.asp

    Recommendation

    Install the vendor patch.

    Disable named pipes as a SQL Server protocol by using the SQL
    Server Network Utility.

    Common Vulnerabilities and Exposures (CVE) Information:

    The Common Vulnerabilities and Exposures (CVE) project has assigned
    the following names to these issues. These are candidates for
    inclusion in the CVE list (http://cve.mitre.org), which standardizes
    names for security problems.

      CAN-2003-0231

    @stake Vulnerability Reporting Policy:
    http://www.atstake.com/research/policy/

    @stake Advisory Archive:
    http://www.atstake.com/research/advisories/

    PGP Key:
    http://www.atstake.com/research/pgp_key.asc

    Copyright 2003 @stake, Inc. All rights reserved.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0

    iQA/AwUBPx75Pke9kNIfAm4yEQIHMQCeOJEDixeR/pv4oLrPXlXotZwiDMUAn1Ea
    BAyScxbEHPoXDHHma1VFKaa/
    =2lzX
    -----END PGP SIGNATURE-----


  • Next message: Thor Larholm: "Re: [VulnWatch] Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !"

    Relevant Pages

    • RE: Sharepoint issue
      ... do you mean Microsoft SQL Server ... 833183 You receive a "Cannot connect to the configuration database" error ... This newsgroup only focuses on SBS technical issues. ...
      (microsoft.public.windows.server.sbs)
    • Microsoft SQL Server local code execution
      ... Microsoft SQL Server local code execution ... As with most SQL Server issues MSDE is effected. ... Common Vulnerabilities and Exposures (CVE) Information: ...
      (Bugtraq)
    • [VulnWatch] Microsoft SQL Server local code execution
      ... Microsoft SQL Server local code execution ... As with most SQL Server issues MSDE is effected. ... Common Vulnerabilities and Exposures (CVE) Information: ...
      (VulnWatch)
    • Microsoft SQL Server DoS
      ... Advisory Name: Microsoft SQL Server DoS ... Vendor Status: Microsoft has patch available ... Common Vulnerabilities and Exposures (CVE) Information: ...
      (Bugtraq)
    • CERT Advisory CA-2002-22 Multiple Vulnerabilities in Microsoft SQL Server
      ... The Microsoft SQL Server contains several serious vulnerabilities that ... These vulnerabilities are public and have ... the same privileges as the operating system. ... a compromised Microsoft SQL Server can be used to take ...
      (Cert)