what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Atstake Security Advisory 03-07-23.2

Atstake Security Advisory 03-07-23.2
Posted Jul 24, 2003
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory A072303-2 - By sending a large request to a named pipe used by the Microsoft SQL Server, an attacker can render the service unresponsive. Under some circumstances, the host has to be restarted to recover from this situation.

tags | advisory
advisories | CVE-2003-0231
SHA-256 | 4da882968c57e3021287c2926f476d383da49f08fd6b93c99584ab7e7a62fd5e

Atstake Security Advisory 03-07-23.2

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

@stake Inc.
www.atstake.com

Security Advisory


Advisory Name: Microsoft SQL Server DoS
Release Date: 07/23/2003
Application: Microsoft SQL Server 7, 2000, MSDE
Platform: Windows NT/2000/XP
Severity: Denial of Service
Author: Andreas Junestam (andreas@atstake.com)
Vendor Status: Microsoft has patch available
CVE Candidate: CAN-2003-0231
Reference: www.atstake.com/research/advisories/2003/a072303-2.txt


Overview

Microsoft SQL Server supports named pipes as one way of communicating
with the server. This named pipe allows any user to connect and send
data to it. By sending a large request, an attacker can render the
service unresponsive. Under some circumstances, the host has to be
restarted to recover from this situation.


Detailed Description

Microsoft SQL Server supports SQL queries over a named pipe. This
pipe allows write access to the group "Everyone" and is therefor
accessible to anyone that can authenticate, local or remote. By
sending a large request to this pipe (size depends on service pack
level), the service can be rendered unresponsive. The behavior of
the service depends upon the service pack level.

SQL Server 2000 pre-SP3:
The SQL Server service crashes. A restart of the service recovers
from the situation.

SQL Server 2000 SP3:
The SQL Server service appears to be functioning normal (no abnormal
CPU or memory usage), but it is unresponsive to any type of
requests. It is also impossible to stop the service and the only way
to recover from the situation is to restart the host.

As with most SQL Server issues MSDE is effected. MSDE is
included in many Microsoft and non-Microsoft products. A list
of products that includes MSDE is here:

http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=10&tabid=13


Vendor Response

Microsoft was contacted on 01/28/2003

Vendor has a bulletin and a patch available:

http://www.microsoft.com/technet/security/bulletin/MS03-031.asp


Recommendation

Install the vendor patch.

Disable named pipes as a SQL Server protocol by using the SQL
Server Network Utility.


Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has assigned
the following names to these issues. These are candidates for
inclusion in the CVE list (http://cve.mitre.org), which standardizes
names for security problems.

CAN-2003-0231


@stake Vulnerability Reporting Policy:
http://www.atstake.com/research/policy/

@stake Advisory Archive:
http://www.atstake.com/research/advisories/

PGP Key:
http://www.atstake.com/research/pgp_key.asc

Copyright 2003 @stake, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBPx75Pke9kNIfAm4yEQIHMQCeOJEDixeR/pv4oLrPXlXotZwiDMUAn1Ea
BAyScxbEHPoXDHHma1VFKaa/
=2lzX
-----END PGP SIGNATURE-----


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close