Microsoft SQL Server Hello buffer overflow

2006-08-07T00:00:00
ID SAINT:97D1294F6902EA021AB6D55AF4C3477A
Type saint
Reporter SAINT Corporation
Modified 2006-08-07T00:00:00

Description

Added: 08/07/2006
CVE: CVE-2002-1123
BID: 5411
OSVDB: 10132

Background

Microsoft SQL Server is a database server package for Windows platforms.

Problem

Microsoft SQL Server 2000 is affected by a buffer overflow vulnerability in the code which handles user authentication. This allows a remote attacker to execute arbitrary commands.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 02-056.

References

<http://www.microsoft.com/technet/security/bulletin/ms02-056.mspx>

Limitations

Exploit works on Microsoft SQL Server 2000 SP2 on Windows 2000.

Platforms

Windows