Lucene search

SAINT CorporationSAINT:95AD625BCBA81C00EDD9414492D316AB

HistoryFeb 05, 2006 - 12:00 a.m.

Microsoft SQL Server 2000 resolution service buffer overflow

2006-02-0500:00:00

SAINT Corporation

my.saintcorporation.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.963 High

EPSS

Percentile

99.5%

JSON

Added: 02/05/2006
CVE: CVE-2002-0649
BID: 5310
OSVDB: 4577

Background

Microsoft SQL Server is a database server package for Windows platforms. SQL Server 2000 introduced the SQL Server Resolution Service, which runs on port 1434/UDP and identifies the port on which each SQL Server instance runs.

Problem

A buffer overflow vulnerability in the SQL Server Resolution Service in SQL Server 2000 allows remote attackers to execute arbitrary commands.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 02-039.

References

<http://www.kb.cert.org/vuls/id/399260>

Platforms

Windows

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.963 High

EPSS

Percentile

99.5%

JSON

Related for SAINT:95AD625BCBA81C00EDD9414492D316AB