Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:708 |
Message | MS-SQL/SMB xp_enumresultset possible buffer overflow |
Summary | This event is generated when an attempt is made to overflow a buffer in the Microsoft SQL Server and Data Engine. |
Impact | Serious. A Denial of Service condition or execution of arbitrary code is possible. |
Detailed Information | A buffer overflow condition exists in some versions of Microsoft SQL Server and Data Engine that may allow an attacker to execute arbitrary code with system privileges or crash the SQL Server. The attacker must gain access to the SQL Server to exploit this vulnerability. |
Affected Systems | |
Attack Scenarios | Exploit code exists. |
Ease of Attack | Simple. Exploit code exists. |
Corrective Action | Apply the appropriate vendor supplied patches. Disallow direct access to the SQL server from sources external to the protected network. Ensure that this event was not generated by a legitimate session then investigate the server for signs of compromise Look for other events generated by the same IP addresses. |
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1082 Bugtraq: http://www.securityfocus.com/bid/2031 Microsoft: http://www.microsoft.com/technet/security/bulletin/ms00-092.asp |
Rule References | bugtraq: 2031 cve: 2000-1082 url: www.microsoft.com/technet/security/bulletin/MS00-092.mspx |
--
DID:304289
--
http://www.aanval.com/