Re: sql 2005 vulnerability hello overflow?
- From: "Jasper Smith" <jasper_smith9@xxxxxxxxxxx>
- Date: Fri, 23 Mar 2007 23:18:17 -0000
This does not apply to SQL 2005, just have a look at the KB article - it's
only relevant to SQL2000. Having looked at the product you used for the
scan, it seems no one has updated the scripts it uses to take account of
SQL2005.
--
HTH,
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
"ksb" <ksb@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2A93F170-5A8A-4E57-B04D-0684A47B0EBF@xxxxxxxxxxxxxxxx
we have built a new w2003 sp2, sql 2005 sp2 with hotfix server. Scanning with
Nexus tells us it is vulnerable to the hello overflow, CVE-2002-1123. How can
I find out for certain whether the server is vulnerable or not? need to be
able to show documentation to our security guy b4 can go into production.
Thanks VERY much.
The remote MS SQL server is vulnerable to the Hello overflow.
An attacker may use this flaw to execute commands against
the remote host as LOCAL/SYSTEM, as well as read your database content.
*** This alert might be a false positive.
Solution : Install Microsoft Patch Q316333 at
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tech
or disable the Microsoft SQL Server service or use a firewall to protect the
MS SQL port (1433).
Risk factor : High
CVE : CVE-2002-1123
BID : 5411
Other references : IAVA:2002-B-0007, OSVDB:10132
Nessus ID : 11067