Executive Summary
Information | | | |
---|---|---|---|
Name | CVE-2001-0542 | First vendor Publication | 2001-12-20 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | | | |
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0542
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:83 | | | |
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:83 | | |
Title: | Microsoft SQL Server 3-Function Buffer Overflow | | |
Description: | Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879. | | |
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2001-0542 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft SQL Server |
Definition Synopsis: | | | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2006-03-26 | Name : Microsoft's SQL Version Query File : nvt/mssql_version.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
10183 | Microsoft SQL Server xp_sprintf Function DoS: SQL Server contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted message that requires the service to use the xp_sprintf() function occurs, and will result in loss of availability for the service. |
10181 | Microsoft SQL Server formatmessage Function DoS: SQL Server contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted message that causes the service to use the formatmessage() function occurs, and will result in loss of availability for the service. |
10166 | Microsoft SQL Server raiserror Function DoS: SQL Server contains a flaw that may allow a remote denial of service. The issue is triggered when a large RPC request consisting of NULL packets is sent, and will result in loss of availability for the service. |
10146 | Microsoft SQL Server xp_sprintf Function Overflow: A remote overflow exists in SQL Server. The SQL Server fails to properly check the length specifier in the xp_sprintf() function, resulting in a memory overflow. With a specially crafted request, an attacker can cause execution of arbitrary code, resulting in a loss of confidentiality and/or integrity. |
10145 | Microsoft SQL Server formatmessage Function Overflow: A remote overflow exists in SQL Server. Microsoft SQL Server fails to properly check content in the formatmessage() function, resulting in a memory overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code, resulting in a loss of confidentiality and/or integrity. |
10144 | Microsoft SQL Server raiserror Function Overflow: A remote overflow exists in SQL Server. The SQL Server fails to properly check the length specifier and format string specifiers of the raiserror function, resulting in a memory overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code, resulting in a loss of confidentiality or integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | formatmessage possible buffer overflow RuleID : 8495 - Revision : 6 - Type : SQL |
2014-01-10 | formatmessage possible buffer overflow RuleID : 8494 - Revision : 6 - Type : SQL |
2014-01-10 | xp_sprintf possible buffer overflow RuleID : 704-community - Revision : 16 - Type : SERVER-MSSQL |
2014-01-10 | xp_sprintf possible buffer overflow RuleID : 704 - Revision : 16 - Type : SERVER-MSSQL |
2014-01-10 | xp_sprintf possible buffer overflow RuleID : 695-community - Revision : 14 - Type : SERVER-MSSQL |
2014-01-10 | xp_sprintf possible buffer overflow RuleID : 695 - Revision : 14 - Type : SERVER-MSSQL |
2014-01-10 | raiserror possible buffer overflow RuleID : 1387-community - Revision : 13 - Type : SQL |
2014-01-10 | raiserror possible buffer overflow RuleID : 1387 - Revision : 13 - Type : SQL |
2014-01-10 | raiserror possible buffer overflow RuleID : 1386-community - Revision : 15 - Type : SERVER-MSSQL |
2014-01-10 | raiserror possible buffer overflow RuleID : 1386 - Revision : 15 - Type : SERVER-MSSQL |
Alert History
Date | Information |
---|---|
2024-02-02 01:01:39 | |
2024-02-01 12:01:16 | |
2023-09-05 12:01:35 | |
2023-09-05 01:01:07 | |
2023-09-02 12:01:36 | |
2023-09-02 01:01:07 | |
2023-08-12 12:01:56 | |
2023-08-12 01:01:08 | |
2023-08-11 12:01:39 | |
2023-08-11 01:01:08 | |
2023-08-06 12:01:31 | |
2023-08-06 01:01:09 | |
2023-08-04 12:01:35 | |
2023-08-04 01:01:08 | |
2023-07-14 12:01:33 | |
2023-07-14 01:01:09 | |
2023-03-29 01:01:32 | |
2023-03-28 12:01:14 | |
2022-10-11 12:01:23 | |
2022-10-11 01:01:01 | |
2021-05-04 12:01:22 | |
2021-04-22 01:01:34 | |
2020-05-23 00:14:38 | |
2018-10-13 00:22:24 | |
2017-12-19 09:22:05 | |
2017-10-19 09:23:47 | |
2016-10-18 12:00:54 | |
2016-04-26 11:53:42 | |
2015-10-23 13:20:12 | |
2014-02-17 10:23:50 | |
2014-01-19 21:21:27 | |
2013-05-11 12:04:25 | |