Microsoft Security Bulletin MS02-039

Naviga SWZ: Home Page » News
News del 25 Luglio 02 Autore: Steve3000
Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875)Titolo: Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution(Q323875) Data: 24 July 2002 Software: SQL Server 2000 Impatto: Three vulnerabilities, the most serious of which could enable an attacker to gain control over an affected SQL Server 2000 installation Rischio: Critical Bollettino: MS02-039Issue: ====== SQL Server 2000 introduces the ability to host multiple instances of SQL Server on a single physical machine. Each instance operates for all intents and purposes as though it was a separate server. However, the multiple instances cannot all use the standard SQL Server session port (TCP 1433). While the default instance listens on TCP port 1433, named instances listen on any port assigned to them. The SQL Server Resolution Service, which operates on UDP port 1434, provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance. There are three security vulnerabilities here. The first two are buffer overruns. By sending a carefully crafted packet to the Resolution Service, an attacker could cause portions of system memory (the heap in one case, the stack in the other) to be overwritten. Overwriting it with random data would likely result in the failure of the SQL Server service; overwriting it with carefully selected data could allow the attacker to run code in the security context of the SQL Server service. The third vulnerability is a denial of service vulnerability. SQL uses a keep-alive mechanism to distinguish between active and passive instances. It is possible to create a keep-alive packet that, when sent to the Resolution Service, will cause SQL Server 2000 to respond with the same information. An attacker who created such a packet, spoofed the source address so that it appeared to come from a one SQL Server 2000 system, and sent it to a neighboring SQL Server 2000 system could cause the two systems to enter a never-ending cycle of keep-alive packet exchanges. This would consume resources on both systems, slowing performance considerably. ------------------------- Ulteriore bollettino di sicurezza per SQL Server 2000, atto a prevenire 3 falle da Buffer Overruns che permetterebbero l'esecuzione di codici. Anche questa una patch per utenti avanzati. Scarica la patch:Q323875_SQL2000_SP2_en.EXE - 167 Kb
Inserisci un commento sul forum Commenta la News sul Forum


Categoria: Sicurezza

La Community di

La community con le risposte che cerchi ! Partecipa é gratis !
Iscrizione ForumIscriviti al Forum


Vuoi ricevere tutti gli aggiornamenti di SWZone direttamente via mail ?
Iscrizione NewsletterIscriviti alla Newsletter