Test ID:	1.3.6.1.4.1.25623.1.0.11214
Category:	Windows
Title:	Microsoft's SQL Overflows
Summary:	NOSUMMARY
Description:	Description: The remote host MS SQL server is vulnerable to several overflows which could be exploited by an attacker to gain SYSTEM access on that host. Note that a worm (sapphire) is exploiting this vulnerability in the wild. Solution : http://www.microsoft.com/technet/security/bulletin/ms02-061.mspx Risk factor : High
Cross-Ref:	BugTraq ID: 5309 BugTraq ID: 5310 BugTraq ID: 5311 BugTraq ID: 5312 BugTraq ID: 5481 BugTraq ID: 5483 BugTraq ID: 5877 BugTraq ID: 5980 Common Vulnerability Exposure (CVE) ID: CVE-2002-1137 http://www.securityfocus.com/bid/5877 Computer Incident Advisory Center Bulletin: N-003 http://www.ciac.org/ciac/bulletins/n-003.shtml Cisco Security Advisory: 20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061 http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml http://www.scan-associates.net/papers/foxpro.txt Microsoft Security Bulletin: MS02-056 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056 XForce ISS Database: mssql-dbcc-bo-variant(10255) https://exchange.xforce.ibmcloud.com/vulnerabilities/10255 Common Vulnerability Exposure (CVE) ID: CVE-2002-1138 http://www.iss.net/security_center/static/10257.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0649 http://www.securityfocus.com/bid/5310 Bugtraq: 20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002) (Google Search) http://marc.info/?l=bugtraq&m=102760196931518&w=2 Bugtraq: 20030125 Fw: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! (Google Search) http://www.securityfocus.com/archive/1/308321/30/26180/threaded Bugtraq: 20030125 MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! (Google Search) http://www.securityfocus.com/archive/1/308306/30/26180/threaded Bugtraq: 20030128 RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! (Google Search) http://www.securityfocus.com/archive/1/308393/30/26180/threaded Bugtraq: 20030125 Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434! (Google Search) http://www.securityfocus.com/archive/1/308324/30/26180/threaded Bugtraq: 20030125 SQL Sapphire Worm Analysis (Google Search) http://www.securityfocus.com/archive/1/308388/30/26180/threaded Bugtraq: 20030125 Sapphire SQL Worm Analysis Complete (Google Search) http://www.securityfocus.com/archive/1/308418/30/26150/threaded http://www.securityfocus.com/archive/1/308396/30/26150/threaded Bugtraq: 20030126 Tool: Sapphire SQL Worm Scanner (Google Search) http://www.securityfocus.com/archive/1/308419/30/26150/threaded http://www.securityfocus.com/archive/1/308760/30/26120/threaded Bugtraq: 20030129 Re: MSDE contained in... (Google Search) http://www.securityfocus.com/archive/1/308806/30/26120/threaded http://www.securityfocus.com/archive/1/309096/30/26120/threaded Bugtraq: 20030130 RE: MSDE contained in... (Google Search) http://www.securityfocus.com/archive/1/309324/30/26120/threaded Bugtraq: 20030201 The Spread of the Sapphire/Slammer SQL Worm (Google Search) http://www.securityfocus.com/archive/1/309776/30/26090/threaded http://www.cert.org/advisories/CA-2002-22.html http://www.cert.org/advisories/CA-2003-04.html CERT/CC vulnerability note: VU#399260 http://www.kb.cert.org/vuls/id/399260 CERT/CC vulnerability note: VU#484891 http://www.kb.cert.org/vuls/id/484891 Microsoft Security Bulletin: MS02-039 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-039 http://marc.info/?l=ntbugtraq&m=102760479902411&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1077 http://secunia.com/advisories/7945 Common Vulnerability Exposure (CVE) ID: CVE-2002-0650 http://www.securityfocus.com/bid/5312 http://www.osvdb.org/878 http://www.iss.net/security_center/static/9662.php Common Vulnerability Exposure (CVE) ID: CVE-2002-1145 http://www.securityfocus.com/bid/5980 Bugtraq: 20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002) (Google Search) http://marc.info/?l=bugtraq&m=103487044122900&w=2 http://www.nextgenss.com/advisories/mssql-webtasks.txt Microsoft Security Bulletin: MS02-061 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061 http://marc.info/?l=ntbugtraq&m=103486356413404&w=2 http://www.iss.net/security_center/static/10388.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0644 Microsoft Security Bulletin: MS02-038 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-038 Common Vulnerability Exposure (CVE) ID: CVE-2002-0645 Common Vulnerability Exposure (CVE) ID: CVE-2002-0721 Bugtraq: 20020816 Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A) (Google Search) http://marc.info/?l=bugtraq&m=102950473002959&w=2 CERT/CC vulnerability note: VU#399531 http://www.kb.cert.org/vuls/id/399531 CERT/CC vulnerability note: VU#818939 http://www.kb.cert.org/vuls/id/818939 CERT/CC vulnerability note: VU#939675 http://www.kb.cert.org/vuls/id/939675 http://www.ngssoftware.com/advisories/mssql-esppu.txt Microsoft Security Bulletin: MS02-043 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043 http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html http://marc.info/?l=ntbugtraq&m=102950792606475&w=2
Copyright	This script is Copyright (C) 2003 Renaud Deraison

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.