Bugtraq mailing list archives
Remote DoS attack against Microsoft SQL Server 7.0
From: kbelian () BUSINESS-SOFT COM (Kevork Belian)
Date: Wed, 17 Nov 1999 16:20:45 +0200
Hi, I'm not sure whether this has been already reported (though I couldn't find relevant information). MS SQL Server 7.0 silently crashes when sent a TCP packet containing more than 2 NULLs as data. Description: I tested this on a machine running SQL Server version 7.00.699. The NT box is running NT Server with SP 4 (I don't think the Service Pack is an issue since NT is not affected). If the TCP/IP net library is enabled, the 3 or greater NULL bytes crach SQL Server listening on port 1433. The SQL server raises an event 17055 with fatal exception EXCEPTION_ACCESS VIOLATION. Can anyone reproduce this? It's interesting to mention that: - 1 or 2 NULL bytes don't affect the system. - A nornal service restart will reboot SQL Server rgrds Kevork Belian
Current thread:
- Windows NT update carries bug Williams, Ken (Nov 15)
- Re: Windows NT update carries bug Alan J. Wylie (Nov 16)
- Re: Windows NT update carries bug Fabian Kroenner (Nov 16)
- [Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives Administrator Password] Dennis W. Mattison (Nov 16)
- Jet Vulnerability affect Office 95 users (fwd) ah1 () SECURITYFOCUS COM (Nov 17)
- Re: [Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives Administrator Password] Ronan Waide (Nov 17)
- Re: Tektronix PhaserLink Webserver Reveals Admin Password Blake Frantz (Nov 17)
- Remote DoS attack against Microsoft SQL Server 7.0 Kevork Belian (Nov 17)
- Re: Tektronix PhaserLink Webserver Reveals Admin Password elfchief () LUPINE ORG (Nov 18)
- Potential vulnerability in Oracle Mary Ann Davidson (Nov 18)
- Re: [Fwd: Printer Vulnerability: Tektronix PhaserLink Webservergives Administrator Password] Dennis W. Mattison (Nov 18)
- buffer overflow in HP JetDirect module (probably affects all HP printers with network support) Tobias Haustein (Nov 19)
- Re: buffer overflow in HP JetDirect module (probably affects all HP printers with network support) Brian (Nov 19)
- Re: buffer overflow in HP JetDirect module (probably affects all HP printers with network support) Pat Hayden (Nov 20)
- Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability Ussr Labs (Nov 22)
- Re: Windows NT update carries bug Alan J. Wylie (Nov 16)
- <Possible follow-ups>
- Re: Windows NT update carries bug Peter Kane (Nov 16)
- Re: Windows NT update carries bug Tony Plastino (Nov 16)