Executive Summary
Informations | |||
---|---|---|---|
Name | MS00-092 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Extended Stored Procedure Parameter Parsing Vulnerability |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:231 | |||
Oval ID: | oval:org.mitre.oval:def:231 | ||
Title: | SQL Server Extended Stored Procedure Parameter Parsing | ||
Description: | The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2000-1081 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft SQL Server |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2006-03-26 | Name : Microsoft's SQL Version Query File : nvt/mssql_version.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
10154 | Microsoft SQL Server xp_SetSQLSecurity Function Overflow A remote overflow exists in SQL Server, SQL Server Desktop Engine and MSDE. The products fail to properly limit the size of allowable input in the third parameter of the xp_SetSQLSecurity() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability. |
10153 | Microsoft SQL Server xp_proxiedmetadata Function Overflow A remote overflow exists in SQL Server, SQL Server Desktop Engine and MSDE. The products fail to properly limit the size of allowable input in the second parameter of the xp_proxiedmetadata() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability. |
10152 | Microsoft SQL Server xp_printstatements Function Overflow A remote overflow exists in SQL Server, SQL Server Desktop Engine and MSDE. The products fail to properly limit the size of allowable input in the first parameter of the xp_printstatements() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability. |
10151 | Microsoft SQL Server xp_peekqueue Function Overflow A remote overflow exists in SQL Server, SQL Server Desktop Engine and MSDE. The products fails to properly limit the size of allowable input in the first parameter of the xp_peekqueue() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability. |
10150 | Microsoft SQL Server xp_updatecolvbm Function Overflow A remote overflow exists in SQL Server, SQL Server Data Engine and MSDE. The products fail to properly parse input in the xp_updatecolvbm() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability. |
10149 | Microsoft SQL Server xp_showcolv Function Overflow A remote overflow exists in SQL Server, SQL Server Data Engine and MSDE. The programs fail to properly parse input in the xp_showcolv() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity, and/or availability. |
10148 | Microsoft SQL Server xp_enumresultset Function Overflow A remote overflow exists in SQL Server, SQL Server Data Engine and MSDE. The programs fail to properly parse input in the xp_enumresultset() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability. |
10147 | Microsoft SQL Server xp_displayparamstmt Function Overflow A remote overflow exists in SQL Server, SQL Server Data Engine and MSDE. They fail to properly check the length of the srv_paraminfo function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | xp_updatecolvbm vulnerable function attempt RuleID : 8540 - Revision : 8 - Type : SERVER-MSSQL |
2014-01-10 | xp_updatecolvbm unicode vulnerable function attempt RuleID : 8539 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_updatecolvbm unicode vulnerable function attempt RuleID : 8538 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_sqlinventory unicode vulnerable function attempt RuleID : 8537 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_sqlinventory vulnerable function attempt RuleID : 8536 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_sqlinventory unicode vulnerable function attempt RuleID : 8535 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_sqlagent_monitor unicode vulnerable function attempt RuleID : 8534 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_sqlagent_monitor vulnerable function attempt RuleID : 8533 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_sqlagent_monitor unicode vulnerable function attempt RuleID : 8532 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_showcolv vulnerable function attempt RuleID : 8531 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_showcolv unicode vulnerable function attempt RuleID : 8530 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_showcolv unicode vulnerable function attempt RuleID : 8529 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_SetSQLSecurity vulnerable function attempt RuleID : 8528 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_SetSQLSecurity unicode vulnerable function attempt RuleID : 8527 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_SetSQLSecurity unicode vulnerable function attempt RuleID : 8526 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_proxiedmetadata vulnerable function attempt RuleID : 8525 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_proxiedmetadata unicode vulnerable function attempt RuleID : 8524 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_proxiedmetadata unicode vulnerable function attempt RuleID : 8523 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_printstatements vulnerable function attempt RuleID : 8522 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_printstatements unicode vulnerable function attempt RuleID : 8521 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_printstatements unicode vulnerable function attempt RuleID : 8520 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_peekqueue vulnerable function attempt RuleID : 8519 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_peekqueue unicode vulnerable function attempt RuleID : 8518 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_peekqueue unicode vulnerable function attempt RuleID : 8517 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | xp_oasetproperty vulnerable function attempt RuleID : 8516 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_oasetproperty unicode vulnerable function attempt RuleID : 8515 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_oasetproperty unicode vulnerable function attempt RuleID : 8514 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_oamethod unicode vulnerable function attempt RuleID : 8513 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_oamethod vulnerable function attempt RuleID : 8512 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_oamethod unicode vulnerable function attempt RuleID : 8511 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_oagetproperty vulnerable function attempt RuleID : 8510 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | xp_oagetproperty unicode vulnerable function attempt RuleID : 8509 - Revision : 7 - Type : SERVER-MSSQL |
2014-01-10 | xp_oagetproperty unicode vulnerable function attempt RuleID : 8508 - Revision : 7 - Type : SERVER-MSSQL |
2014-01-10 | xp_oadestroy vulnerable function attempt RuleID : 8507 - Revision : 7 - Type : SERVER-MSSQL |
2014-01-10 | xp_oadestroy unicode vulnerable function attempt RuleID : 8506 - Revision : 7 - Type : SERVER-MSSQL |
2014-01-10 | xp_oadestroy unicode vulnerable function attempt RuleID : 8505 - Revision : 7 - Type : SERVER-MSSQL |
2014-01-10 | xp_enumresultset vulnerable function attempt RuleID : 8504 - Revision : 8 - Type : SERVER-MSSQL |
2014-01-10 | xp_enumresultset unicode vulnerable function attempt RuleID : 8503 - Revision : 8 - Type : SERVER-MSSQL |
2014-01-10 | xp_enumresultset unicode vulnerable function attempt RuleID : 8502 - Revision : 8 - Type : SERVER-MSSQL |
2014-01-10 | xp_displayparamstmt vulnerable function attempt RuleID : 8501 - Revision : 8 - Type : SERVER-MSSQL |
2014-01-10 | xp_displayparamstmt unicode vulnerable function attempt RuleID : 8500 - Revision : 8 - Type : SERVER-MSSQL |
2014-01-10 | xp_displayparamstmt unicode vulnerable function attempt RuleID : 8499 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | sp_oacreate unicode vulnerable function attempt RuleID : 8498 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | sp_oacreate vulnerable function attempt RuleID : 8497 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | sp_oacreate unicode vulnerable function attempt RuleID : 8496 - Revision : 7 - Type : SERVER-MSSQL |
2014-01-10 | DELETED SQL/SMB xp_enumresultset possible buffer overflow RuleID : 708 - Revision : 14 - Type : SQL |
2014-01-10 | xp_proxiedmetadata possible buffer overflow RuleID : 707 - Revision : 15 - Type : SQL |
2014-01-10 | xp_peekqueue possible buffer overflow RuleID : 706 - Revision : 13 - Type : SQL |
2014-01-10 | xp_showcolv possible buffer overflow RuleID : 705 - Revision : 13 - Type : SQL |
2014-01-10 | DELETED SQL/SMB xp_setsqlsecurity possible buffer overflow RuleID : 703 - Revision : 14 - Type : SQL |
2014-01-10 | DELETED SQL/SMB xp_displayparamstmt possible buffer overflow RuleID : 702 - Revision : 14 - Type : SQL |
2014-01-10 | xp_updatecolvbm possible buffer overflow RuleID : 701 - Revision : 13 - Type : SQL |
2014-01-10 | DELETED SQL/SMB xp_updatecolvbm possible buffer overflow RuleID : 700 - Revision : 14 - Type : SQL |
2014-01-10 | xp_printstatements possible buffer overflow RuleID : 699 - Revision : 13 - Type : SQL |
2014-01-10 | DELETED SQL/SMB xp_proxiedmetadata possible buffer overflow RuleID : 698 - Revision : 14 - Type : SQL |
2014-01-10 | DELETED SQL/SMB xp_peekqueue possible buffer overflow RuleID : 697 - Revision : 14 - Type : SQL |
2014-01-10 | DELETED SQL/SMB xp_showcolv possible buffer overflow RuleID : 696 - Revision : 14 - Type : SQL |
2014-01-10 | DELETED SQL/SMB xp_printstatements possible buffer overflow RuleID : 690 - Revision : 13 - Type : SQL |
2014-01-10 | xp_enumresultset possible buffer overflow RuleID : 682 - Revision : 14 - Type : SQL |
2014-01-10 | xp_setsqlsecurity possible buffer overflow RuleID : 675 - Revision : 13 - Type : SQL |
2014-01-10 | xp_displayparamstmt possible buffer overflow RuleID : 674 - Revision : 12 - Type : SQL |
Alert History
Date | Informations |
---|---|
2014-01-19 21:29:44 |
|