
Microsoft SQL Server Denial of Service vulnerability

Attack ID: CPAI-2004-43
Publish Date:
Category: Microsoft SQL Server Denial of Service vulnerability
Vulnerable Systems: Microsoft SQL Server 7.0
Source: Security Tracker

Description:

A denial of service vulnerability exists in Microsoft SQL Server 7.0. A remote attacker may cause the database service to crash by sending a specially crafted packet that is larger than the buffer allows. This vulnerability may result in a denial of service condition.

Severity:
Details: A remote user can supply a large buffer (700000 bytes) with a specially crafted packet that may cause the database service ('mssqlserver') to crash. This may result in a denial of service condition.
Attack Detection:

Users of VPN-1 NG with Application Intelligence R55, R55W and InterSpect who have applied the solution outlined below will be able to identify the attack using SmartView Tracker.

Users of R55 will see rule number 6999 in the SmartView Tracker log viewer.

Users of R55W and InterSpect will receive the following log entries:

Attack Name: MS-SQL Server protocol enforcement
Attack Information: Login packet too long detected on connection
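
The kind of length enforcement that the "Login packet too long" log entry describes, as an added Python example that is not Check Point's code or part of the original advisory. It assumes standard TDS framing (8-byte header, login message types 0x02 and 0x10); the 4096-byte limit and all function names are hypothetical.

```python
import struct

# Assumed TDS framing: 8-byte header = type, status, length (big-endian,
# header included), SPID, packet id, window.
TDS_HEADER = struct.Struct(">BBHHBB")
LOGIN_TYPES = {0x02, 0x10}   # pre-TDS7 login, TDS7 login
STATUS_EOM = 0x01            # set on the last packet of a message
MAX_LOGIN_BYTES = 4096       # hypothetical policy limit, not a Check Point value


def check_login(data, limit=MAX_LOGIN_BYTES):
    """Return (verdict, reason) for the first client message on a connection."""
    offset = total = 0
    first_type = None
    while offset < len(data):
        if len(data) - offset < TDS_HEADER.size:
            return "drop", "truncated TDS header"
        ptype, status, length = TDS_HEADER.unpack_from(data, offset)[:3]
        if first_type is None:
            if ptype not in LOGIN_TYPES:
                return "pass", "not a login message"
            first_type = ptype
        elif ptype != first_type:
            return "drop", "packet type changed inside login message"
        if length < TDS_HEADER.size:
            return "drop", "invalid length field"
        total += length - TDS_HEADER.size
        if total > limit:  # decided from headers alone, before buffering the body
            return "drop", "login packet too long"
        if offset + length > len(data):
            return "drop", "packet shorter than its length field"
        offset += length
        if status & STATUS_EOM:
            return "pass", "login within limit"
    return "drop", "login message not terminated"


def build_message(ptype, payload, packet_size=4096):
    """Constructed test input: frame payload as consecutive TDS packets."""
    body = packet_size - TDS_HEADER.size
    chunks = [payload[i:i + body] for i in range(0, len(payload), body)] or [b""]
    out = b""
    for n, chunk in enumerate(chunks, 1):
        status = STATUS_EOM if n == len(chunks) else 0
        out += TDS_HEADER.pack(ptype, status, TDS_HEADER.size + len(chunk), 0, n % 256, 0)
        out += chunk
    return out
```

The check sums the payload lengths declared across the packets of one login message, so a login split over many packets is rejected as soon as the running total passes the limit.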

Solution:

To block this vulnerability, Check Point has enhanced its MS-SQL Server protocol protection, released January 27, 2004 (Advisory CPAI-2004-03). This update enhances the SA administrator with blank password protection.

Users of VPN-1 NG with Application Intelligence R55, R55W and InterSpect should update their SmartDefense by clicking the Update Now button (R55) / Online Updates button (R55W, InterSpect) on the SmartDashboard General window.

To enable the protection:

1. On the SmartDefense navigation tree, click Application Intelligence, click MS-SQL and enable MS-SQL Server protocol.

2. Enable 'Block login attempt with blank password'.

3. Install policy on all modules.

Industry Reference:
Additional Information: CPAI-2004-03