
SQL Server Forum / General / Security / March 2007

SQL 2005 vulnerability: Hello overflow?

ksb - 23 Mar 2007 20:06 GMT
We have built a new W2003 SP2, SQL 2005 SP2 with hotfix server. Scanning with
Nessus tells us it is vulnerable to the Hello overflow, CVE-2002-1123. How can
I find out for certain whether the server is vulnerable or not? I need to be
able to show documentation to our security guy before it can go into production.
Thanks VERY much.

The remote MS SQL server is vulnerable to the Hello overflow.

An attacker may use this flaw to execute commands against
the remote host as LOCAL/SYSTEM, as well as read your database content.

*** This alert might be a false positive.

Solution : Install Microsoft Patch Q316333 at
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tech
or disable the Microsoft SQL Server service or use a firewall to protect the
MS SQL port (1433).

Risk factor : High
CVE : CVE-2002-1123
BID : 5411
Other references : IAVA:2002-B-0007, OSVDB:10132
Nessus ID : 11067
Jasper Smith - 24 Mar 2007 00:18 GMT
This does not apply to SQL 2005; just have a look at the KB article. It's
only relevant to SQL 2000. Having looked at the product you used for the
scan, it seems no one has updated the scripts it uses to take account of
SQL 2005.
HTH,
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
K. Brian Kelley - 24 Mar 2007 19:12 GMT
To piggyback on Mr. Smith: for some reason Nessus is thinking it's a SQL
Server 2000 box, because the following is in the NASL to test for the vulnerability:

    version = get_kb_item("mssql/SQLVersion");
    if (version)
    {
        if (!ereg(pattern:"^8\.00\.(0?[0-5][0-9][0-9]|0?6[0-5][0-9]|66[0-4])",
                  string:version)) exit(0);
    }

Note the regex pattern, which is supposed to only filter for SQL Server version
8.00.x, meaning SQL Server 2000. Your security folks can confirm this here:

http://www.nessus.org/plugins/index.php?view=viewsrc&id=11067

K. Brian Kelley, brian underscore kelley at sqlpass dot org
http://www.truthsolutions.com/
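To make the version gate concrete, here is an added example (not from the thread or the plugin) that reproduces the NASL regex above in Python and shows which reported version strings let the Hello-overflow check proceed. The build numbers used as sample input are well-known SQL Server 2000/2005 builds assumed for illustration, not values from this thread; note that, exactly as in the quoted NASL, a version the scanner could not determine does not stop the check, which is one way a patched or non-2000 host can end up flagged.

```python
import re

# Same pattern as the ereg() call in the quoted plugin excerpt: only
# SQL Server 2000 (8.00.x) builds up to 664 pass the gate.
NASL_VERSION_PATTERN = re.compile(
    r"^8\.00\.(0?[0-5][0-9][0-9]|0?6[0-5][0-9]|66[0-4])"
)


def plugin_would_test(version):
    """Mirror the NASL control flow.

    version: the string the scanner stored as mssql/SQLVersion, or None/""
    when it could not fingerprint the instance.  Returns True when the
    plugin would go on to run the Hello-overflow probe.  The gate only
    exits early when a version IS known and does NOT match 8.00.[0-664].
    """
    if version:
        return NASL_VERSION_PATTERN.match(version) is not None
    return True  # unknown version: the NASL falls through and tests anyway


def explain(version):
    """Human-readable verdict a DBA could hand to the security reviewer."""
    if not version:
        return "version unknown to scanner: probe runs regardless (possible false positive)"
    if NASL_VERSION_PATTERN.match(version):
        return f"{version}: SQL Server 2000 build before the Q316333 fix, probe runs"
    if version.startswith("8.00."):
        return f"{version}: SQL Server 2000 build past the fix threshold, probe skipped"
    return f"{version}: not SQL Server 2000, probe skipped"


# Constructed sample inputs (assumed well-known builds: 2000 RTM, 2000 SP2,
# 2000 SP3, 2005 SP2) plus the "fingerprint failed" case.
SAMPLE_VERSIONS = ["8.00.194", "8.00.534", "8.00.760", "9.00.3042", None]

if __name__ == "__main__":
    for v in SAMPLE_VERSIONS:
        print(explain(v))
```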
ksb - 28 Mar 2007 02:15 GMT
Thank you very much, Brian and Jasper.