GEN:SID | 1:706 |
Message | MS-SQL xp_peekqueue possible buffer overflow |
Summary | This event is generated when an attempt is made to exploit a vulnerability in Microsoft SQL Server and Data Engine.
|
Impact | Serious. Full system compromise is possible.
|
Detailed Information | A buffer overflow condition in the xp_peekqueue variable exists which may allow the execution of an arbitary command with administrative priviledge.
The vulnerability occurs in API Srv_paraminfo(), which is implemented by Extended Stored Procedures (XPs) in Microsoft SQL Server and Data Engine. It may also be possible for attackers to execute arbitrary code on the host running SQL Server.
|
Affected Systems | Microsoft SQL Server 7.0 Microsoft SQL Server 2000 Microsoft Data Engine 1.0 Microsoft Data Engine 2000
|
Attack Scenarios | An attacker can pass an overly long string to the XP xp_peekqueue, a buffer overflow can occur due to an unsafe memory copy. This can cause SQL Server to crash.
|
Ease of Attack | Simple. Exploit scripts are available.
|
Corrective Action | Apply the appropriate vendor supplied patch (Microsoft Patch Q280380 , Microsoft Patch Q280380)
|
Additional References | Bugtraq: http://www.securityfocus.com/bid/2040/ |
Rule References | bugtraq: 2040
cve: 2000-1085
url: www.microsoft.com/technet/security/bulletin/MS00-092.mspx
|