| Rule General Information | |
|---|---|
| Release Date: | 2010-09-23 |
| Rule Name: | GPL SQL Slammer Worm propagation Vulnerability (CVE-2002-0649) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm. |
| Impact: | A flaw in the SQL Server Resolution Service allows a remote attacker to execute arbitrary code on a vulnerable host. The attacker could exploit a heap-based buffer overflow in the Resolution Service by sending a maliciously crafted UDP packet to port 1434. |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others |
| Reference: | SecurityFocus BID: 5310 http://marc.info/?l=bugtraq&m=102760196931518&w=2 http://marc.info/?l=ntbugtraq&m=102760479902411&w=2 http://www.cert.org/advisories/CA-2002-22.html |

| Solutions |
|---|
| Applying a patch eliminates this problem. For details, visit: https://www.securityfocus.com/bid/5310/solution |