Bugtraq mailing list archives

Remote DoS attack against Microsoft SQL Server 7.0

From: kbelian () BUSINESS-SOFT COM (Kevork Belian)
Date: Wed, 17 Nov 1999 16:20:45 +0200


Hi,
I'm not sure whether this has been already reported (though I couldn't find
relevant information).
MS SQL Server 7.0 silently crashes when sent a TCP packet containing more
than 2 NULLs as data.

Description:
I tested this on a machine running SQL Server version 7.00.699. The NT box
is running NT Server with SP 4 (I don't think the Service Pack is an issue
since NT is not affected).
If the TCP/IP net library is enabled, the 3 or greater NULL bytes crach SQL
Server listening on port 1433. The SQL server raises an event 17055 with
fatal exception EXCEPTION_ACCESS VIOLATION.

Can anyone reproduce this?

It's interesting to mention that:
    - 1 or 2 NULL bytes don't affect the system.
    - A nornal service restart will reboot SQL Server

rgrds
Kevork Belian

Current thread:

Windows NT update carries bug Williams, Ken (Nov 15)
- Re: Windows NT update carries bug Alan J. Wylie (Nov 16)
  - Re: Windows NT update carries bug Fabian Kroenner (Nov 16)
  - [Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives Administrator Password] Dennis W. Mattison (Nov 16)
    - Jet Vulnerability affect Office 95 users (fwd) ah1 () SECURITYFOCUS COM (Nov 17)
    - Re: [Fwd: Printer Vulnerability: Tektronix PhaserLink Webserver gives Administrator Password] Ronan Waide (Nov 17)
    - Re: Tektronix PhaserLink Webserver Reveals Admin Password Blake Frantz (Nov 17)
    - Remote DoS attack against Microsoft SQL Server 7.0 Kevork Belian (Nov 17)
    - Re: Tektronix PhaserLink Webserver Reveals Admin Password elfchief () LUPINE ORG (Nov 18)
    - Potential vulnerability in Oracle Mary Ann Davidson (Nov 18)
    - Re: [Fwd: Printer Vulnerability: Tektronix PhaserLink Webservergives Administrator Password] Dennis W. Mattison (Nov 18)
    - buffer overflow in HP JetDirect module (probably affects all HP printers with network support) Tobias Haustein (Nov 19)
    - Re: buffer overflow in HP JetDirect module (probably affects all HP printers with network support) Brian (Nov 19)
    - Re: buffer overflow in HP JetDirect module (probably affects all HP printers with network support) Pat Hayden (Nov 20)
    - Remote DoS Attack in Vermillion FTP Daemon (VFTPD) v1.23 Vulnerability Ussr Labs (Nov 22)
- <Possible follow-ups>
- Re: Windows NT update carries bug Peter Kane (Nov 16)
- Re: Windows NT update carries bug Tony Plastino (Nov 16)