RE: SQL Sapphire Worm Analysis

From: Marc Maiffret (
Date: 01/27/03

  • Next message: terry white: "Re: SQL Sapphire Worm Analysis"
    From: "Marc Maiffret" <>
    To: "terry white" <>
    Date: Sun, 26 Jan 2003 22:55:09 -0800

    Yup this is true... the advisory on our website reflects it. The advisory on
    our site will always have the latest information. Also we released a free
    scanning tool that will detect vulnerable SQL and MSDE systems.You can check
    it on

    Marc Maiffret
    Chief Hacking Officer
    eEye Digital Security
    F.949.349.9538 - Network Security Scanner - Network Traffic Analyzer - Stop known and unknown IIS vulnerabilities

    | -----Original Message-----
    | From: []On
    | Behalf Of terry white
    | Sent: Sunday, January 26, 2003 9:01 PM
    | To: Marc Maiffret
    | Cc: Incidents
    | Subject: Re: SQL Sapphire Worm Analysis
    | on "1-25-2003" "Marc Maiffret" writ:
    | : SQL Sapphire Worm Analysis
    | :
    | : Systems Affected:
    | : Microsoft SQL Server 2000 pre SP 2
    | ... it seems to me, i've read that the M$ 'desktop engine' a.k.a. "DE" is
    | vulnerable to this exploit in some way. in fact, it seems like the DE
    | was affected where MS-SQL not running ...
    | --
    | ... i'm a man, but i can change,
    | if i have to , i guess ...

    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see:

    Relevant Pages

    • [NEWS] Vulnerability Issues in Implementations of the H.323 Protocol (Generic)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: ... Get your security news from a reliable source. ... discovered a number of implementation specific vulnerabilities in the ... The severity of these vulnerabilities varies by vendor. ...
    • [NEWS] Openfire Multiple Vulnerabilities
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: ... Openfire Multiple Vulnerabilities ...
    • Re: SECUNIA warning:[SA16041] Kerberos V5 Multiple Vulnerabilities
      ... the Kerberos v5 specification, done by Microsoft. ... Kerberos V5 Multiple Vulnerabilities ... > Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- ... > SECUNIA ADVISORY ID: ...
    • RE: php pack() security update
      ... I'm waiting for redhat to release updates for php on as3. ... SECUNIA ADVISORY ID: ... Multiple vulnerabilities have been reported in PHP, ... Successful exploitation requires that PHP runs on a multi-threaded ...
    • Simple PHP Blog Multiple Vulnerabilities
      ... Secure Network - Security Research Advisory ... Simple PHP Blog is a blogging application that was written with simplicity of installation and maintenance in mind. ... Multiple vulnerabilities have been reported in the latest version of this web application; probably all previous versions are affected to the same issues. ...