SMB: MS-SQL Declare Exec Command Injection

This signature detects attempts to exploit a known vulnerability in Microsoft MS-SQL server. A successful attack can lead to arbitrary code execution. The attack is encoded using the "DECLARE" and "EXEC" functions of MS-SQL and is sent through SMB. This signature can produce false positives on normal DB administration traffic, so exempt it from any policy that monitors sessions between trusted hosts. Use this signature only to monitor sessions between your MS-SQL Servers and untrusted or unknown hosts.

Extended Description

Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions. The issue affects Microsoft SQL Server 2000 and Microsoft SQL Server 2005.

Affected Products

Microsoft sql_server_2005

Short Name: SMB:MSSQL-DECLARE-EXEC
Severity: Major
Recommended: False
Recommended Action: Drop
Category: SMB
Keywords: Command Declare Exec Injection MS-SQL bid:32710
Release Date: 02/17/2009
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3336
False Positive: Unknown
Vendors

Microsoft

Vmware
