Microsoft SQL Server MS02-039 patch (SQL_SSRP_DoS)

About this signature or vulnerability

RealSecure Network, RealSecure Server Sensor, BlackICE Agent for Server, BlackICE PC Protection, BlackICE Server Protection, Proventia Desktop, Proventia Network IDS, Proventia-G 1.1 and earlier, IBM Security Server Protection for Windows, Proventia Network MFS, RealSecure Desktop, Proventia Network IPS, RealSecure Desktop Protector 3.6, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:

This event looks for a single UDP 'ping' type packet whose destination and source ports are 1434.


Default risk level

High risk vulnerability  High

Sensors that have this signature

RealSecure Network: XPU 20.10, RealSecure Network: XPU 5.9, RealSecure Server Sensor: XPU 20.11, BlackICE Agent for Server: 3.6eof, BlackICE PC Protection: 3.6cpa, BlackICE Server Protection: 3.6.cpa, Proventia Desktop: 8.0.614.1, Proventia Network IDS: XPU 20.10, Proventia-G 1.1 and earlier: G Series, IBM Security Server Protection for Windows: 1.0.914.0, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Network MFS: 1.0, RealSecure Desktop: baseline, Proventia Network IPS: 2.0, RealSecure Desktop Protector 3.6: baseline, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 1.0

Systems affected

Microsoft Windows NT: 4.0, Microsoft Windows 2000, Microsoft SQL Server: 2000, Microsoft Windows 2003 Server

Type

Denial of Service

Vulnerability description

Microsoft SQL Server 2000 is vulnerable to multiple vulnerabilities, which are addressed in the patch released with Microsoft Security Bulletin MS02-039. The most serious of these vulnerabilities would allow a remote attacker to execute code on the system.

How to remove this vulnerability

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS02-039. See References.

Microsoft Windows 2000
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS02-039.

References

Microsoft Security Bulletin MS02-039
Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875)
http://www.microsoft.com/technet/security/bulletin/ms02-039.mspx

CERT Advisory CA-2002-22
Multiple Vulnerabilities in Microsoft SQL Server
http://www.cert.org/advisories/CA-2002-22.html

IBM Internet Security Systems X-Force Database
Microsoft SQL Server Resolution Service keep-alive function denial of service
http://xforce.iss.net/xforce/xfdb/9662

IBM Internet Security Systems X-Force Database
Microsoft SQL Server Resolution Service buffer overflows
http://xforce.iss.net/xforce/xfdb/9661

NGSSoftware Insight Security Research Advisory #NISR25072002
Unauthenticated Remote Compromise in MS SQL Server 2000
http://www.nextgenss.com/advisories/mssql-udp.txt

ISS X-Force
Microsoft SQL Server MS02-039 patch
http://www.iss.net/security_center/static/9666.php

CVE
CVE-2002-0649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0649