Title: Microsoft SQL Server SQLXML Buffer Overflow Vulnerability
Severity: CRITICAL
Description:
SQLXML is a component of SQL Server 2000 that enables SQL servers to receive and send database queries in XML (Extensible Markup Language) format. Such queries can be sent using various methods of communication, one of which is HTTP. SQLXML HTTP components reside in a virtual directory on a web server and are not enabled by default. SQLXML ISAPI extensions run with LocalSystem privileges.
A buffer overflow issue has been discovered in the SQLXML ISAPI extension that handles data queries over HTTP (SQLXML HTTP).
It is possible for a user to initiate the overflow by connecting to a host via HTTP and submitting malformed data directly to the SQLXML HTTP component. The overflow condition occurs when an overly long value is given to the 'contenttype=' parameter.
If 'contenttype=' is given a value longer than 240 characters, it is possible to cause inetinfo.exe to crash.
The malformed data could be used to overwrite stack variables including the return address, possibly to execute arbitrary code. The attacker may also crash the service by sending excessive amounts of data that has not specifically been designed to cause code execution.
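The condition described above can be hunted for in web server logs. The following is an added example, not part of the original advisory: it scans IIS W3C extended log lines for a 'contenttype=' value longer than 240 characters after URL-decoding. The log layout, the virtual directory name /exampledb and the client addresses are constructed sample data.

```python
from urllib.parse import parse_qsl

LIMIT = 240  # length threshold stated in the advisory


def find_overlong_contenttype(log_lines, limit=LIMIT):
    """Return (client_ip, uri_stem, value_length) for every request whose
    contenttype= value is longer than `limit` characters once URL-decoded."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        query = row.get("cs-uri-query", "-")
        if query == "-":  # W3C logs write "-" for an empty field
            continue
        # parse_qsl percent-decodes values; compare the name case-insensitively
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "contenttype" and len(value) > limit:
                hits.append((row.get("c-ip"), row.get("cs-uri-stem"), len(value)))
    return hits


# Constructed sample log (not real traffic)
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2002-06-13 10:01:02 192.0.2.10 GET /exampledb sql=SELECT+1&contenttype=text/xml 200",
    "2002-06-13 10:01:09 192.0.2.77 GET /exampledb contenttype=" + "A" * 300 + " 500",
    "2002-06-13 10:01:15 192.0.2.78 GET /exampledb ContentType=" + "%41" * 241 + " 500",
    "2002-06-13 10:01:20 192.0.2.11 GET /default.htm - 200",
]

if __name__ == "__main__":
    for ip, stem, length in find_overlong_contenttype(SAMPLE_LOG):
        print(f"{ip} sent contenttype of {length} chars to {stem}")
```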
Affected Products:
- Microsoft SQL Server 2000
- Microsoft SQL Server 2000 SP1
- Microsoft SQL Server 2000 SP2
References:
- CERT/CC: Vulnerability Note VU#811371
- Microsoft: Microsoft Security Bulletin MS02-030