Microsoft SQL Server MS02-039 patch (SQL_SSRP_DoS)

About this signature or vulnerability

RealSecure Network, RealSecure Server Sensor, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, BlackICE PC Protection, BlackICE Agent for Server, Proventia Desktop, Proventia Network IPS, RealSecure Desktop Protector 3.6, Proventia Server IPS for Linux technology, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network MFS:

This event looks for a single UDP 'ping' type packet whose destination and source ports are 1434.


Default risk level

High risk vulnerability  High

Sensors that have this signature

RealSecure Network: XPU 20.10, RealSecure Network: XPU 5.9, RealSecure Server Sensor: XPU 20.11, BlackICE Server Protection: 3.6.cpa, Proventia Server IPS for Microsoft Windows technology: 1.0.914.0, BlackICE PC Protection: 3.6cpa, BlackICE Agent for Server: 3.6eof, Proventia Desktop: 8.0.614.1, Proventia Network IPS: 2.0, RealSecure Desktop Protector 3.6: baseline, Proventia Server IPS for Linux technology: 1.0, Proventia-G 1.1 and earlier: G Series, Proventia Network IDS: XPU 20.10, Proventia Network MFS: 1.0, RealSecure Desktop: baseline

Systems affected

Microsoft Windows NT: 4.0, Microsoft Windows 2000, Microsoft SQL Server: 2000, Microsoft Windows 2003 Server

Type

Denial of Service

Vulnerability description

Microsoft SQL Server 2000 is vulnerable to multiple vulnerabilities, which are addressed in the patch released with Microsoft Security Bulletin MS02-039. The most serious of these vulnerabilities would allow a remote attacker to execute code on the system.

How to remove this vulnerability

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS02-039. See References.

Microsoft Windows 2000
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS02-039.

References

Microsoft Security Bulletin MS02-039
Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875)
http://www.microsoft.com/technet/security/bulletin/ms02-039.mspx

CERT Advisory CA-2002-22
Multiple Vulnerabilities in Microsoft SQL Server
http://www.cert.org/advisories/CA-2002-22.html

IBM Internet Security Systems X-Force Database
Microsoft SQL Server Resolution Service keep-alive function denial of service
http://xforce.iss.net/xforce/xfdb/9662

IBM Internet Security Systems X-Force Database
Microsoft SQL Server Resolution Service buffer overflows
http://xforce.iss.net/xforce/xfdb/9661

NGSSoftware Insight Security Research Advisory #NISR25072002
Unauthenticated Remote Compromise in MS SQL Server 2000
http://www.nextgenss.com/advisories/mssql-udp.txt

ISS X-Force
Microsoft SQL Server MS02-039 patch
http://www.iss.net/security_center/static/9666.php

CVE
CVE-2002-0649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0649