| Last Updated Date | Apr 22, 2008 |
| Release Date | Mar 06, 2006 |
| Severity | High |
| Impact | System compromise: Remote code execution, worm infection |
| Description | This indicates an attempt by the SQL Slammer worm to exploit a buffer-overflow vulnerability in Microsoft SQL Server.
The vulnerability results from the the way that Microsoft SQL servers process input on the SQL Server Resolution Service on port 1434. By sending a specially crafted UDP packet, a remote attacker can execute arbitrary code on a vulnerable system. The SQL Slammer worm takes advantage of this to spread through local networks and the Internet. The worm first scans rapidly for vulnerable systems, and it is this scanning activity that has degraded service across the entire Internet. |
| Affected Products | MS SQL 2000 server. |
| Recommended Actions | Apply the latest SQL Server patches from Microsoft:
http://www.microsoft.com/technet/security/Bulletin/MS02-039.mspx
Block external access to the Microsoft SQL service on port 1433 and 1434. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649
|
| Microsoft Bulletin ID | MS02-039 http://www.microsoft.com/technet/security/Bulletin/MS02-039.mspx |
| Reference/s | http://www.securityfocus.com/bid/5310 (BugTraq)
http://www.securityfocus.com/bid/5311 (BugTraq)
http://www.cert.org/advisories/CA-2003-04.html
|