DB: MS-SQL Server pwdencrypt() Buffer Overflow

This signature detects attempts to exploit a known vulnerability against Microsoft SQL Server. Microsoft SQL Server 2000 Service Pack 2 and prior are vulnerable. Attackers can send a long string to the pwdencrypt() function in SQL Server to crash the SQL service. The service restarts automatically, but the operating system does not.

Extended Description

A buffer overflow vulnerability has been reported in SQL Server 2000. The vunerability is a result of an unchecked buffer when using the password encrypt procedure. This procedure is used by administrators to provides support for the storage of SQL Server Authentication credentials. The overrun condition is due to an unbounded data copy operation that occurs when processing the procedure arguments. Attackers may exploit this vulnerability by invoking the password encrypt procedure with excessive input. This issue may be related to the vulnerabilities reported in Bugtraq ID 4847.

Affected Products

Microsoft sql_server_2000

References

BugTraq: 5014

CVE: CVE-2002-0624

URL: http://securityvulns.com/docs3083.html http://www.microsoft.com/technet/security/bulletin/ms02-034.asp http://oval.mitre.org/oval/definitions/data/oval291.html

Short Name

DB:MS-SQL:PWD-ENCRYPT

Severity

Major

Recommended

False

Recommended Action

None

DB: MS-SQL Server pwdencrypt() Buffer Overflow

Extended Description

Affected Products

References

Found a potential security threat?