[25786] in bugtraq


Microsoft SQL Server 2000 pwdencrypt() buffer overflow

daemon@ATHENA.MIT.EDU (martin rakhmanoff)
Fri Jun 14 11:09:14 2002

Date: 14 Jun 2002 13:24:11 -0000
Message-ID: <20020614132411.8208.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: martin rakhmanoff <jimmers@yandex.ru>
To: bugtraq@securityfocus.com



Microsoft SQL Server 2000 (up to SP2) suffers from buffer/heap overflow in 
built-in hashing function pwdencrypt(). Sample code shown below crashes 
SQL Server service and may lead to arbitrary code execution:

SELECT pwdencrypt(REPLICATE('A',353))

On some systems it may require a larger number of characters to cause the 
overflow (1000 is enough in any case).

This was confirmed by Microsoft, but it is not known when the patch will be 
released.

Cheers

Martin Rakhmanoff (jimmers)
jimmers@yandex.ru
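As an added defender-side example (not part of the original post and not Microsoft's tooling), the following Python heuristic flags T-SQL statements, such as those exported from a SQL Server trace, whose pwdencrypt() argument reaches the length threshold reported above; the trace lines are constructed and the length estimate only understands REPLICATE() and string literals.

```python
"""Flag T-SQL statements calling pwdencrypt() with an oversized argument.

Added example, not from the Bugtraq post. Assumes one statement per string,
e.g. from a SQL Server trace export; SAMPLE_TRACE below is constructed.
"""
import re

# The post reports crashes from 353 characters upward and says 1000 is
# enough on any system, so flag anything at or above the lower bound.
OVERFLOW_LEN = 353

CALL_RE = re.compile(r"pwdencrypt\s*\((.*)\)", re.IGNORECASE | re.DOTALL)
REPLICATE_RE = re.compile(
    r"replicate\s*\(\s*N?'((?:[^']|'')*)'\s*,\s*(\d+)\s*\)", re.IGNORECASE)
LITERAL_RE = re.compile(r"N?'((?:[^']|'')*)'", re.IGNORECASE)


def estimate_arg_length(arg: str) -> int:
    """Lower-bound estimate of the string length pwdencrypt() receives.

    Counts REPLICATE('x', n) as len('x') * n and plain string literals by
    their length. Variables and column references contribute 0, so the
    heuristic under-counts rather than over-counts; it is not a parser.
    """
    total = 0
    for m in REPLICATE_RE.finditer(arg):
        total += len(m.group(1).replace("''", "'")) * int(m.group(2))
    remainder = REPLICATE_RE.sub("", arg)  # literals not inside REPLICATE()
    for m in LITERAL_RE.finditer(remainder):
        total += len(m.group(1).replace("''", "'"))
    return total


def is_suspicious(statement: str, threshold: int = OVERFLOW_LEN) -> bool:
    """True if the statement calls pwdencrypt() with >= threshold chars."""
    m = CALL_RE.search(statement)
    return bool(m) and estimate_arg_length(m.group(1)) >= threshold


def scan(statements):
    """Return the statements worth alerting on, in input order."""
    return [s for s in statements if is_suspicious(s)]


SAMPLE_TRACE = [  # constructed sample, not a real trace
    "SELECT pwdencrypt('p@ssw0rd')",
    "SELECT pwdencrypt(REPLICATE('A',353))",
    "SELECT pwdencrypt(REPLICATE('AB',500))",
    "SELECT name FROM sysobjects",
    "SELECT pwdencrypt('" + "B" * 400 + "')",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_TRACE):
        print("ALERT:", hit[:60])
```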

