Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:4892
HistoryJul 24, 2003 - 12:00 a.m.

Microsoft SQL Server DoS

2003-07-2400:00:00
vulners.com
10
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                         @stake Inc.
                       www.atstake.com 

                      Security Advisory

Advisory Name: Microsoft SQL Server DoS
Release Date: 07/23/2003
Application: Microsoft SQL Server 7, 2000, MSDE
Platform: Windows NT/2000/XP
Severity: Denial of Service
Author: Andreas Junestam ([email protected])
Vendor Status: Microsoft has patch available
CVE Candidate: CAN-2003-0231
Reference: www.atstake.com/research/advisories/2003/a072303-2.txt

Overview

Microsoft SQL Server supports named pipes as one way of communicating
with the server. This named pipe allows any user to connect and send
data to it. By sending a large request, an attacker can render the
service unresponsive. Under some circumstances, the host has to be
restarted to recover from this situation.

Detailed Description

Microsoft SQL Server supports SQL queries over a named pipe. This
pipe allows write access to the group "Everyone" and is therefor
accessible to anyone that can authenticate, local or remote. By
sending a large request to this pipe (size depends on service pack
level), the service can be rendered unresponsive. The behavior of
the service depends upon the service pack level.

SQL Server 2000 pre-SP3:
The SQL Server service crashes. A restart of the service recovers
from the situation.

SQL Server 2000 SP3:
The SQL Server service appears to be functioning normal (no abnormal
CPU or memory usage), but it is unresponsive to any type of
requests. It is also impossible to stop the service and the only way
to recover from the situation is to restart the host.

As with most SQL Server issues MSDE is effected. MSDE is
included in many Microsoft and non-Microsoft products. A list
of products that includes MSDE is here:

http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=10&tabid=13

Vendor Response

Microsoft was contacted on 01/28/2003

Vendor has a bulletin and a patch available:

http://www.microsoft.com/technet/security/bulletin/MS03-031.asp

Recommendation

Install the vendor patch.

Disable named pipes as a SQL Server protocol by using the SQL
Server Network Utility.

Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

CAN-2003-0231

@stake Vulnerability Reporting Policy:
http://www.atstake.com/research/policy/

@stake Advisory Archive:
http://www.atstake.com/research/advisories/

PGP Key:
http://www.atstake.com/research/pgp_key.asc

Copyright 2003 @stake, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPx75Pke9kNIfAm4yEQIHMQCeOJEDixeR/pv4oLrPXlXotZwiDMUAn1Ea
BAyScxbEHPoXDHHma1VFKaa/
=2lzX
-----END PGP SIGNATURE-----

Related

cve 1
cert 1
nessus 1
cve
cve
CVE-2003-0231
2003-08-27 04:00:00
cert
cert
Microsoft SQL Server becomes unresponsive when large packet is sent to specific named pipe
2003-07-28 00:00:00
nessus
nessus
MS03-031: Cumulative Patch for MS SQL Server (815495)
2003-07-24 00:00:00
JSON
Related for SECURITYVULNS:DOC:4892
cve1cert1nessus1