List: vuln-dev
Subject: Possible DoS attack against Microsoft SQL Server 7.0
From: kbelian <kbelian () BUSINESS-SOFT ! COM>
Date: 1999-11-18 7:24:13
Hi,
Excuse me if this has been already reported (though I couldn't find relevant information). MS SQL Server 7.0 silently crashes when sent a TCP packet containing more than 2 NULLs as data.
Description:
I tested this on a machine running SQL Server version 7.00.699. The NT box is running NT Server with SP 4 (I don't think the Service Pack is an issue since NT is not affected). If the TCP/IP net library is enabled, 3 or more NULL bytes crash SQL Server listening on port 1433. The SQL server raises an event 17055 with fatal exception EXCEPTION_ACCESS VIOLATION.
Can anyone reproduce this?
It's interesting to mention that:
- 1 or 2 NULL bytes don't affect the system.
- A normal service restart will reboot SQL Server.
Thanx.
Kevork Belian