Microsoft SQL Server Client Utilities UDP Broadcasts Buffer Overflow Vulnerability

Thursday Aug 21st 2003 by DatabaseJournal.com Staff

A Unicode buffer overflow in MDAC, which is used by the SQL Server SQL-DMO library, could allow a remote user to execute malicious code on the target computer.

[From Help Net Security]

A Unicode buffer overflow in MDAC, which is used by the SQL Server SQL-DMO library, could allow a remote user to execute malicious code on the target computer. The vulnerability does not occur when accepting incoming connections, but rather when handling the responses to broadcast queries.

All SQL Servers receiving the broadcast request respond with a standard UDP packet. If a malicious machine responds to this broadcast with an overlong packet, a stack buffer overflow occurs.

The article continues at http://www.net-security.org/vuln.php?id=2899
