Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0649

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0649
Last Modified 10 Sep 2008 03:12:39
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0649

Summary

Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.

Vulnerable Systems

Application

  • Microsoft Data Engine 2000

  • Microsoft Sql Server 2000


References

CERT-VN - VU#484891

CERT-VN - VU#399260

CERT - CA-2003-04

CERT - CA-2002-22

MS - MS02-039

BID - 5310

BUGTRAQ - 20030201 The Spread of the Sapphire/Slammer SQL Worm

BUGTRAQ - 20030130 RE: MSDE contained in...

BUGTRAQ - 20030129 Re: MSDE contained in...

BUGTRAQ - 20030128 Re: MSDE contained in...

BUGTRAQ - 20030128 RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

BUGTRAQ - 20030126 Tool: Sapphire SQL Worm Scanner

BUGTRAQ - 20030125 Sapphire SQL Worm Analysis Complete

BUGTRAQ - 20030126 RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

BUGTRAQ - 20030125 RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

BUGTRAQ - 20030125 SQL Sapphire Worm Analysis

BUGTRAQ - 20030125 Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

BUGTRAQ - 20030125 Fw: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

BUGTRAQ - 20030125 MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!

SECUNIA - 7945

NTBUGTRAQ - 20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)


Last Updated: 27 May 2016 10:37:00