Security Advisory Name : Many, many, many Sql Server 7 & 2000 Buffer Overflows System Affected : Sql Server 7 & 2000 all service packs and fixes. Severity : High. Remote Exploit: Yes Author: Cesar Cerrudo. Date: 03/12/2002 Advisory Number: CC030203 Description : Well people it's the same old history. No words. Are you still using extended stored procedures? Details: Extended stored procedured affected in Sql Server 7 : xp_repl_encrypt xp_proxiedmetadata --->Hoops this was alredy fixed xp_oledbinfo xp_dsninfo xp_sqlinventory --->Hoops this was alredy fixed Extended stored procedured affected in Sql Server 2000: xp_proxiedmetadata --->Hoops this was alredy fixed xp_mergelineages xp_controlqueueservice xp_createprivatequeue xp_createqueue xp_decodequeuecmd xp_deleteprivatequeue xp_deletequeue xp_displayqueuemesgs xp_oledbinfo xp_readpkfromqueue xp_readpkfromvarbin xp_repl_encrypt xp_resetqueue xp_unpackcab Workaround : Drop the extended stored procedures and its DLL. What is better a workaround or a Microsoft fix? Vendor Status : Microsoft was not contacted. Especial thanks to Aaron C. Newman for his contribution in tests. And very special thanks to Microsoft spies's for being so stupids. For complete details and test results : http://www.appsecinc.com/resources/alerts/mssql/02-0000.html __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/
