GEN:SID | 1:708 |
Message | MS-SQL/SMB xp_enumresultset possible buffer overflow |
Summary | This event is generated when an attempt is made to overflow a buffer in the Microsoft SQL Server and Data Engine.
|
Impact | Serious. A Denial of Service condition or execution of arbitrary code is possible.
|
Detailed Information | A buffer overflow condition exists in some versions of Microsoft SQL Server and Data Engine that may allow an attacker to execute arbitrary code with system privileges or crash the SQL Server.
The attacker must gain access to the SQL Server to exploit this vulnerability.
|
Affected Systems | |
Attack Scenarios | Exploit code exists.
|
Ease of Attack | Simple. Exploit code exists.
|
Corrective Action | Apply the appropriate vendor supplied patches.
Disallow direct access to the SQL server from sources external to the protected network.
Ensure that this event was not generated by a legitimate session then investigate the server for signs of compromise
Look for other events generated by the same IP addresses.
|
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1082
Bugtraq: http://www.securityfocus.com/bid/2031
Microsoft: http://www.microsoft.com/technet/security/bulletin/ms00-092.asp
|
Rule References | bugtraq: 2031
cve: 2000-1082
url: www.microsoft.com/technet/security/bulletin/MS00-092.mspx
|