Multiple vulnerabilities have been discovered in Microsoft SQL Server 2000. They let an attacker run arbitrary code on the SQL Server system in the context of a local administrator. Several extended stored procedures within SQL Server 2000 are vulnerable to buffer overflow attacks.

DEMONSTRATION

The following extended stored procedures were found to be vulnerable: xp_peekqueue (xpqueue.dll) and xp_printstatements (xprepl.dll).

The following query will return a directory tree of C:\WinNT:

    exec xp_dirtree 'C:\winnt'

If a malicious user were to pass extremely long strings in place of various parameters, the buffer overflow will occur.

VENDOR RESPONSE

Microsoft has issued a security bulletin, MS00-092, which is available at:
http://support.microsoft.com/support/sql/xp_security.asp

CREDIT
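The DEMONSTRATION section above, turned into a detection check (an added example, not part of the original advisory or of Microsoft's bulletin): the script scans captured T-SQL batches for calls to the two procedures the advisory names and reports any string parameter longer than a threshold. The sample batches are constructed, and the 256-character threshold and the function names are assumptions.

```python
import re

# Procedures the advisory names as vulnerable (matched case-insensitively).
WATCHED_PROCS = {"xp_peekqueue", "xp_printstatements"}
# Assumption: the advisory gives no size, so 256 characters is an arbitrary alert threshold.
MAX_PARAM_CHARS = 256

# EXEC or EXECUTE, optional "@rc =", up to two name prefixes (master.. / master.dbo. / dbo.).
CALL_RE = re.compile(
    r"\bexec(?:ute)?\s+(?:@\w+\s*=\s*)?(?:\[?\w*\]?\.){0,2}\[?(xp_\w+)\]?",
    re.IGNORECASE,
)
# T-SQL string literal: optional N prefix; '' inside the literal is one escaped quote.
LITERAL_RE = re.compile(r"N?'((?:[^']|'')*)'")

# Constructed sample batches, standing in for a SQL trace or application query log.
SAMPLE_BATCHES = [
    "exec xp_dirtree 'C:\\winnt'",
    "EXEC master..xp_peekqueue 'orders', 'short'",
    "exec master.dbo.xp_printstatements N'" + "A" * 1000 + "'",
    "exec xp_dirtree 'C:\\winnt'; execute [xp_peekqueue] '" + "B" * 300 + "', 'x'",
]

def oversized_calls(statement, limit=MAX_PARAM_CHARS):
    """Return (procedure, longest_literal_length) for each watched call over the limit."""
    hits = []
    calls = list(CALL_RE.finditer(statement))
    for i, call in enumerate(calls):
        proc = call.group(1).lower()
        if proc not in WATCHED_PROCS:
            continue
        # Arguments run from the end of this call to the next EXEC, or to the end of the batch.
        end = calls[i + 1].start() if i + 1 < len(calls) else len(statement)
        args = statement[call.end():end]
        sizes = [len(m.group(1).replace("''", "'")) for m in LITERAL_RE.finditer(args)]
        longest = max(sizes, default=0)
        if longest > limit:
            hits.append((proc, longest))
    return hits

def scan(batches):
    """Return (batch_index, procedure, length) for every finding across the batches."""
    return [(n, proc, size) for n, b in enumerate(batches) for proc, size in oversized_calls(b)]

if __name__ == "__main__":
    for n, proc, size in scan(SAMPLE_BATCHES):
        print(f"batch {n}: {proc} called with a {size}-character string parameter")
```

Only quoted string literals are measured, so treat a clean result as a lower bound and tune the threshold against what legitimate callers send.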