header-logo
Suggest Exploit
vendor:
SQL Server
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: SQL Server
Affected Version From: SQL Server 2000
Affected Version To: SQL Server 2000
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:sql_server:2000
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

A buffer overflow vulnerability has been reported in SQL Server 2000

A buffer overflow vulnerability has been reported in SQL Server 2000. The vulnerability is a result of an unchecked buffer when using the password encrypt procedure. This procedure is used by administrators to provides support for the storage of SQL Server Authentication credentials. The overrun condition is due to an unbounded data copy operation that occurs when processing the procedure arguments. Attackers may exploit this vulnerability by invoking the password encrypt procedure with excessive input.

Mitigation:

Administrators should ensure that the password encrypt procedure is not used with excessive input.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5014/info

A buffer overflow vulnerability has been reported in SQL Server 2000. The vunerability is a result of an unchecked buffer when using the password encrypt procedure. This procedure is used by administrators to provides support for the storage of SQL Server Authentication credentials.

The overrun condition is due to an unbounded data copy operation that occurs when processing the procedure arguments. Attackers may exploit this vulnerability by invoking the password encrypt procedure with excessive input.

SELECT pwdencrypt(REPLICATE('A',353))

Navigation

Suggest Exploit

Services By CQR