Signature Detail
Short Name |
HTTP:EXPLOIT:SQLXML-ISAPI-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft SQL Server SQLXML-ASAPI Overflow |
Release Date |
2003/10/15 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Microsoft SQL Server SQLXML-ASAPI Overflow
This signature detects attempts to exploit a known vulnerability against the SQLXML-ASAPI Extension in Microsoft SQL Server 2000. The SQLXML-ASAPI extension handles data queries over HTTP (SQLXML HTTP); attackers can connect to the target host and submit maliciously crafted data to create a buffer overflow.
Extended Description
SQLXML is a component of SQL Server 2000, which enables SQL servers to receive and send database queries via XML (Extensible Markup Language) format. Such queries can be sent using various methods of communication, one of which is via HTTP. SQLXML HTTP components reside in a virtual directory on a web server and are not enabled by default, SQLXML ISAPI extensions run with LocalSystem privileges. A buffer overflow issue has been discovered in the SQLXML ISAPI extension that handles data queries over HTTP(SQLXML HTTP). It is possible for a user to initiate the overflow by connecting to a host and submitting malformed data. This issue has been reported to exist in SQL Server 2000 Gold, other versions may be vulnerable as well.
Affected Products
- Microsoft SQL Server 2000 SP1
- Microsoft SQL Server 2000 SP2
- Microsoft SQL Server 2000
References
- BugTraq: 5004
- CVE: CVE-2002-0186
- URL: http://www.kb.cert.org/vuls/id/811371