Microsoft SQL Server Xp_sprintf buffer overflow
BID:1204
Info
Microsoft SQL Server Xp_sprintf buffer overflow
| Bugtraq ID: | 1204 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Unknown |
| Published: | May 09 2000 12:00AM |
| Updated: | May 09 2000 12:00AM |
| Credit: | <unknown> |
| Vulnerable: |
Microsoft SQL Server 6.5 Microsoft SQL Server 6.0 |
| Not Vulnerable: |
Microsoft SQL Server 7.0 |
Discussion
Microsoft SQL Server Xp_sprintf buffer overflow
In versions of SQL Server earlier than Release 6.5, Service Pack 5 the extended stored procedure xp_sprintf can be exploited using buffer overflows. An attacker can use xp_sprintf to crash the server or to possibly gain administrator privileges on the system running SQL Server.
In versions of SQL Server earlier than Release 6.5, Service Pack 5 the extended stored procedure xp_sprintf can be exploited using buffer overflows. An attacker can use xp_sprintf to crash the server or to possibly gain administrator privileges on the system running SQL Server.
Exploit / POC
Microsoft SQL Server Xp_sprintf buffer overflow
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft SQL Server Xp_sprintf buffer overflow
Solution:
This issue is resolved in version of Microsoft SQL Server greater than 6.5 SP5.
Solution:
This issue is resolved in version of Microsoft SQL Server greater than 6.5 SP5.
References
Microsoft SQL Server Xp_sprintf buffer overflow
References:
References: