Database Journal

Posted Aug 22, 2003

Microsoft SQL Server Client Utilities UDP Broadcasts Buffer Overflow Vulnerability

By DatabaseJournal.com Staff

[From Help Net Security]

A Unicode buffer overflow exists in MDAC, which is used by the SQL Server SQL-DMO library, and could allow a remote user to execute malicious code on the target computer. The vulnerability does not occur when accepting incoming connections, but rather when handling the responses to broadcast queries.

All SQL Servers receiving the broadcast request respond with a standard UDP packet. If a malicious machine responds to this broadcast with an overlong packet, a stack buffer overflow occurs.
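The client-side check that prevents this class of overflow, as an added example that is not MDAC or SQL-DMO code and is not taken from the advisory: a reply to a broadcast is untrusted input, so its length is checked against the destination's capacity in UTF-16 code units before it is widened into a stack buffer. The buffer size, the single-byte reply payload and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX_UNITS 64   /* assumed capacity, counted in UTF-16 code units */

/* Widen an untrusted single-byte reply payload into a fixed UTF-16 buffer.
 * Returns the number of code units written, or -1 if the reply does not fit
 * (the caller should drop the packet). */
int widen_reply(const uint8_t *pkt, size_t pkt_len,
                uint16_t *dst, size_t dst_units)
{
    if (pkt == NULL || dst == NULL || dst_units == 0)
        return -1;
    /* Compare element counts, not byte counts, and leave room for the
     * terminator. Using sizeof(dst buffer) in bytes here would allow twice
     * as many code units as the buffer holds. */
    if (pkt_len >= dst_units)
        return -1;
    for (size_t i = 0; i < pkt_len; i++)
        dst[i] = (uint16_t)pkt[i];
    dst[pkt_len] = 0;
    return (int)pkt_len;
}

/* Process one reply to a broadcast query, as a discovery client would. */
int handle_reply(const uint8_t *pkt, size_t pkt_len)
{
    uint16_t name[NAME_MAX_UNITS];   /* stack buffer the reply is copied into */
    return widen_reply(pkt, pkt_len, name, NAME_MAX_UNITS);
}

int main(void)
{
    uint8_t ok[] = "SERVER01";       /* constructed sample reply */
    uint8_t big[4096];               /* constructed overlong reply */
    memset(big, 'A', sizeof big);
    printf("normal reply:   %d\n", handle_reply(ok, sizeof ok - 1));
    printf("overlong reply: %d\n", handle_reply(big, sizeof big));
    return 0;
}
```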

The article continues at http://www.net-security.org/vuln.php?id=2899
