[12667] in bugtraq

home help back first fref pref prev next nref lref last post

Remote DoS attack against Microsoft SQL Server 7.0

daemon@ATHENA.MIT.EDU (Kevork Belian)
Fri Nov 19 18:57:36 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <003601bf3107$183c4b80$7e0e7ec2@hitech.inco.com.lb>
Date:         Wed, 17 Nov 1999 16:20:45 +0200
Reply-To: Kevork Belian <kbelian@BUSINESS-SOFT.COM>
From: Kevork Belian <kbelian@BUSINESS-SOFT.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

Hi,
I'm not sure whether this has been already reported (though I couldn't find
relevant information).
MS SQL Server 7.0 silently crashes when sent a TCP packet containing more
than 2 NULLs as data.

Description:
I tested this on a machine running SQL Server version 7.00.699. The NT box
is running NT Server with SP 4 (I don't think the Service Pack is an issue
since NT is not affected).
If the TCP/IP net library is enabled, the 3 or greater NULL bytes crach SQL
Server listening on port 1433. The SQL server raises an event 17055 with
fatal exception EXCEPTION_ACCESS VIOLATION.

Can anyone reproduce this?

It's interesting to mention that:
    - 1 or 2 NULL bytes don't affect the system.
    - A nornal service restart will reboot SQL Server


rgrds
Kevork Belian

home help back first fref pref prev next nref lref last post