Many, many, many Sql Server 7 & 2000 Buffer Overflows

[c c <cesarc56 () yahoo com>]

Security Advisory 

Name : Many, many, many Sql Server 7 & 2000 Buffer
Overflows 
System Affected : Sql Server 7 & 2000 all service
packs and fixes.
Severity : High. 
Remote Exploit: Yes 
Author:  Cesar Cerrudo. 
Date:    03/12/2002 
Advisory Number:  CC030203 


Description :
Well people it's the same old history. No words.
Are you still using extended stored procedures?

Details:
Extended stored procedured affected in Sql Server 7 :
xp_repl_encrypt 
xp_proxiedmetadata --->Hoops this was alredy fixed
xp_oledbinfo 
xp_dsninfo 
xp_sqlinventory  --->Hoops this was alredy fixed


Extended stored procedured affected in Sql Server
2000:
xp_proxiedmetadata --->Hoops this was alredy fixed
xp_mergelineages  
xp_controlqueueservice
xp_createprivatequeue 
xp_createqueue 
xp_decodequeuecmd 
xp_deleteprivatequeue 
xp_deletequeue 
xp_displayqueuemesgs
xp_oledbinfo 
xp_readpkfromqueue 
xp_readpkfromvarbin 
xp_repl_encrypt 
xp_resetqueue 
xp_unpackcab 

Workaround : 
Drop the extended stored procedures and its DLL. 

What is better a workaround or a Microsoft fix?

Vendor Status : 
Microsoft was not contacted. 

Especial thanks to Aaron C. Newman for his
contribution in tests.
And very special thanks to Microsoft spies's for being
so stupids.

For complete details and test results : 
http://www.appsecinc.com/resources/alerts/mssql/02-0000.html




__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/