[12667] in bugtraq
Remote DoS attack against Microsoft SQL Server 7.0
daemon@ATHENA.MIT.EDU (Kevork Belian)
Fri Nov 19 18:57:36 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <003601bf3107$183c4b80$7e0e7ec2@hitech.inco.com.lb>
Date: Wed, 17 Nov 1999 16:20:45 +0200
Reply-To: Kevork Belian <kbelian@BUSINESS-SOFT.COM>
From: Kevork Belian <kbelian@BUSINESS-SOFT.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Hi,
I'm not sure whether this has been already reported (though I couldn't find
relevant information).
MS SQL Server 7.0 silently crashes when sent a TCP packet containing more
than 2 NULLs as data.
Description:
I tested this on a machine running SQL Server version 7.00.699. The NT box
is running NT Server with SP 4 (I don't think the Service Pack is an issue
since NT is not affected).
If the TCP/IP net library is enabled, the 3 or greater NULL bytes crach SQL
Server listening on port 1433. The SQL server raises an event 17055 with
fatal exception EXCEPTION_ACCESS VIOLATION.
Can anyone reproduce this?
It's interesting to mention that:
- 1 or 2 NULL bytes don't affect the system.
- A nornal service restart will reboot SQL Server
rgrds
Kevork Belian
