From: c c (cesarc56yahoo.com)
Date: Tue Mar 12 2002 - 10:31:09 CST


    Security Advisory

    Name : Many, many, many SQL Server 7 & 2000 Buffer Overflows
    System Affected : SQL Server 7 & 2000 all service packs and fixes.
    Severity : High.
    Remote Exploit: Yes
    Author: Cesar Cerrudo.
    Date: 03/12/2002
    Advisory Number: CC030203

    Description :
    Well people, it's the same old story. No words.
    Are you still using extended stored procedures?

    Details:
    Extended stored procedures affected in SQL Server 7:
    xp_repl_encrypt
    xp_proxiedmetadata ---> Oops, this was already fixed
    xp_oledbinfo
    xp_dsninfo
    xp_sqlinventory ---> Oops, this was already fixed

    Extended stored procedures affected in SQL Server 2000:
    xp_proxiedmetadata ---> Oops, this was already fixed
    xp_mergelineages
    xp_controlqueueservice
    xp_createprivatequeue
    xp_createqueue
    xp_decodequeuecmd
    xp_deleteprivatequeue
    xp_deletequeue
    xp_displayqueuemesgs
    xp_oledbinfo
    xp_readpkfromqueue
    xp_readpkfromvarbin
    xp_repl_encrypt
    xp_resetqueue
    xp_unpackcab

    Workaround :
    Drop the extended stored procedures and their DLLs.

    What is better, a workaround or a Microsoft fix?

    Vendor Status :
    Microsoft was not contacted.

    Special thanks to Aaron C. Newman for his
    contribution in tests.
    And very special thanks to Microsoft spies for being
    so stupid.

    For complete details and test results :
    http://www.appsecinc.com/resources/alerts/mssql/02-0000.html
