Microsoft SQL Server Authentication Function Remote Overflow

high Nessus Plugin ID 11067

Synopsis

The remote database server is affected by a remote command execution vulnerability.

Description

The remote Microsoft SQL server is vulnerable to the Hello overflow.

An attacker may use this flaw to execute commands against the remote host as LOCAL/SYSTEM, as well as read your database content.

*** This alert might be a false positive.

Solution

Apply the patch from the Microsoft Bulletin.

See Also

http://www.nessus.org/u?32a9c483

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2002/ms02-056

https://seclists.org/bugtraq/2002/Aug/106

Plugin Details

Severity: High

ID: 11067

File Name: mssql_hello_overflow.nasl

Version: 1.41

Type: remote

Family: Databases

Published: 8/7/2002

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 8/5/2002

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (MS02-056 Microsoft SQL Server Hello Overflow)

Reference Information

CVE: CVE-2002-1123

BID: 5411

MSFT: MS02-056

MSKB: 316333, 327068