Executive Summary

Information
Name : MS00-092 - First vendor Publication : N/A
Vendor : Microsoft - Last vendor Modification : N/A
Severity (Vendor) : N/A - Revision : N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA - Environmental Score : NA
Impact Sub Score : NA - Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 4.6 - Attack Range : Local
Cvss Impact Score : 6.4 - Attack Complexity : Low
Cvss Exploit Score : 3.9 - Authentication : None Required

Detail

Extended Stored Procedure Parameter Parsing Vulnerability

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:231
 
Oval ID: oval:org.mitre.oval:def:231
Title: SQL Server Extended Stored Procedure Parameter Parsing
Description: The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Family: windows Class: vulnerability
Reference(s): CVE-2000-1081
Version: 2
Platform(s): Microsoft Windows 2000
Product(s): Microsoft SQL Server
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 2
Application 2

OpenVAS Exploits

Date Description
2006-03-26 Name : Microsoft's SQL Version Query
File : nvt/mssql_version.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
10154 Microsoft SQL Server xp_SetSQLSecurity Function Overflow

A remote overflow exists in SQL Server, SQL Server Desktop Engine and MSDE. The products fail to properly limit the size of allowable input in the third parameter of the xp_SetSQLSecurity() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability.
10153 Microsoft SQL Server xp_proxiedmetadata Function Overflow

A remote overflow exists in SQL Server, SQL Server Desktop Engine and MSDE. The products fail to properly limit the size of allowable input in the second parameter of the xp_proxiedmetadata() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability.
10152 Microsoft SQL Server xp_printstatements Function Overflow

A remote overflow exists in SQL Server, SQL Server Desktop Engine and MSDE. The products fail to properly limit the size of allowable input in the first parameter of the xp_printstatements() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability.
10151 Microsoft SQL Server xp_peekqueue Function Overflow

A remote overflow exists in SQL Server, SQL Server Desktop Engine and MSDE. The products fail to properly limit the size of allowable input in the first parameter of the xp_peekqueue() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability.
10150 Microsoft SQL Server xp_updatecolvbm Function Overflow

A remote overflow exists in SQL Server, SQL Server Data Engine and MSDE. The products fail to properly parse input in the xp_updatecolvbm() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability.
10149 Microsoft SQL Server xp_showcolv Function Overflow

A remote overflow exists in SQL Server, SQL Server Data Engine and MSDE. The programs fail to properly parse input in the xp_showcolv() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability.
10148 Microsoft SQL Server xp_enumresultset Function Overflow

A remote overflow exists in SQL Server, SQL Server Data Engine and MSDE. The programs fail to properly parse input in the xp_enumresultset() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability.
10147 Microsoft SQL Server xp_displayparamstmt Function Overflow

A remote overflow exists in SQL Server, SQL Server Data Engine and MSDE. They fail to properly check the length of the srv_paraminfo function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or a denial of service resulting in a loss of integrity and/or availability.

Snort® IPS/IDS

Date Description
2014-01-10 xp_updatecolvbm vulnerable function attempt
RuleID : 8540 - Revision : 8 - Type : SERVER-MSSQL
2014-01-10 xp_updatecolvbm unicode vulnerable function attempt
RuleID : 8539 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_updatecolvbm unicode vulnerable function attempt
RuleID : 8538 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_sqlinventory unicode vulnerable function attempt
RuleID : 8537 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_sqlinventory vulnerable function attempt
RuleID : 8536 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_sqlinventory unicode vulnerable function attempt
RuleID : 8535 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_sqlagent_monitor unicode vulnerable function attempt
RuleID : 8534 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_sqlagent_monitor vulnerable function attempt
RuleID : 8533 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_sqlagent_monitor unicode vulnerable function attempt
RuleID : 8532 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_showcolv vulnerable function attempt
RuleID : 8531 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_showcolv unicode vulnerable function attempt
RuleID : 8530 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_showcolv unicode vulnerable function attempt
RuleID : 8529 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_SetSQLSecurity vulnerable function attempt
RuleID : 8528 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_SetSQLSecurity unicode vulnerable function attempt
RuleID : 8527 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_SetSQLSecurity unicode vulnerable function attempt
RuleID : 8526 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_proxiedmetadata vulnerable function attempt
RuleID : 8525 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_proxiedmetadata unicode vulnerable function attempt
RuleID : 8524 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_proxiedmetadata unicode vulnerable function attempt
RuleID : 8523 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_printstatements vulnerable function attempt
RuleID : 8522 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_printstatements unicode vulnerable function attempt
RuleID : 8521 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_printstatements unicode vulnerable function attempt
RuleID : 8520 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_peekqueue vulnerable function attempt
RuleID : 8519 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_peekqueue unicode vulnerable function attempt
RuleID : 8518 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_peekqueue unicode vulnerable function attempt
RuleID : 8517 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 xp_oasetproperty vulnerable function attempt
RuleID : 8516 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_oasetproperty unicode vulnerable function attempt
RuleID : 8515 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_oasetproperty unicode vulnerable function attempt
RuleID : 8514 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_oamethod unicode vulnerable function attempt
RuleID : 8513 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_oamethod vulnerable function attempt
RuleID : 8512 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_oamethod unicode vulnerable function attempt
RuleID : 8511 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_oagetproperty vulnerable function attempt
RuleID : 8510 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 xp_oagetproperty unicode vulnerable function attempt
RuleID : 8509 - Revision : 7 - Type : SERVER-MSSQL
2014-01-10 xp_oagetproperty unicode vulnerable function attempt
RuleID : 8508 - Revision : 7 - Type : SERVER-MSSQL
2014-01-10 xp_oadestroy vulnerable function attempt
RuleID : 8507 - Revision : 7 - Type : SERVER-MSSQL
2014-01-10 xp_oadestroy unicode vulnerable function attempt
RuleID : 8506 - Revision : 7 - Type : SERVER-MSSQL
2014-01-10 xp_oadestroy unicode vulnerable function attempt
RuleID : 8505 - Revision : 7 - Type : SERVER-MSSQL
2014-01-10 xp_enumresultset vulnerable function attempt
RuleID : 8504 - Revision : 8 - Type : SERVER-MSSQL
2014-01-10 xp_enumresultset unicode vulnerable function attempt
RuleID : 8503 - Revision : 8 - Type : SERVER-MSSQL
2014-01-10 xp_enumresultset unicode vulnerable function attempt
RuleID : 8502 - Revision : 8 - Type : SERVER-MSSQL
2014-01-10 xp_displayparamstmt vulnerable function attempt
RuleID : 8501 - Revision : 8 - Type : SERVER-MSSQL
2014-01-10 xp_displayparamstmt unicode vulnerable function attempt
RuleID : 8500 - Revision : 8 - Type : SERVER-MSSQL
2014-01-10 xp_displayparamstmt unicode vulnerable function attempt
RuleID : 8499 - Revision : 10 - Type : SERVER-MSSQL
2014-01-10 sp_oacreate unicode vulnerable function attempt
RuleID : 8498 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 sp_oacreate vulnerable function attempt
RuleID : 8497 - Revision : 9 - Type : SERVER-MSSQL
2014-01-10 sp_oacreate unicode vulnerable function attempt
RuleID : 8496 - Revision : 7 - Type : SERVER-MSSQL
2014-01-10 DELETED SQL/SMB xp_enumresultset possible buffer overflow
RuleID : 708 - Revision : 14 - Type : SQL
2014-01-10 xp_proxiedmetadata possible buffer overflow
RuleID : 707 - Revision : 15 - Type : SQL
2014-01-10 xp_peekqueue possible buffer overflow
RuleID : 706 - Revision : 13 - Type : SQL
2014-01-10 xp_showcolv possible buffer overflow
RuleID : 705 - Revision : 13 - Type : SQL
2014-01-10 DELETED SQL/SMB xp_setsqlsecurity possible buffer overflow
RuleID : 703 - Revision : 14 - Type : SQL
2014-01-10 DELETED SQL/SMB xp_displayparamstmt possible buffer overflow
RuleID : 702 - Revision : 14 - Type : SQL
2014-01-10 xp_updatecolvbm possible buffer overflow
RuleID : 701 - Revision : 13 - Type : SQL
2014-01-10 DELETED SQL/SMB xp_updatecolvbm possible buffer overflow
RuleID : 700 - Revision : 14 - Type : SQL
2014-01-10 xp_printstatements possible buffer overflow
RuleID : 699 - Revision : 13 - Type : SQL
2014-01-10 DELETED SQL/SMB xp_proxiedmetadata possible buffer overflow
RuleID : 698 - Revision : 14 - Type : SQL
2014-01-10 DELETED SQL/SMB xp_peekqueue possible buffer overflow
RuleID : 697 - Revision : 14 - Type : SQL
2014-01-10 DELETED SQL/SMB xp_showcolv possible buffer overflow
RuleID : 696 - Revision : 14 - Type : SQL
2014-01-10 DELETED SQL/SMB xp_printstatements possible buffer overflow
RuleID : 690 - Revision : 13 - Type : SQL
2014-01-10 xp_enumresultset possible buffer overflow
RuleID : 682 - Revision : 14 - Type : SQL
2014-01-10 xp_setsqlsecurity possible buffer overflow
RuleID : 675 - Revision : 13 - Type : SQL
2014-01-10 xp_displayparamstmt possible buffer overflow
RuleID : 674 - Revision : 12 - Type : SQL

Alert History

Date Information
2014-01-19 21:29:44
  • Multiple Updates