Name:
Worm.Slammer
Released Date:
Mar 6 2006
Severity:
high
CVE:
2002-0649
MS Bulletin:
MS02-039
Bugtraq:
5311
5310

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates an attempt by the SQL Slammer worm to exploit a buffer overflow vulnerability in Microsoft SQL Server.

The vulnerability results from the the way that Microsoft SQL servers process input on the SQL Server Resolution Service on port 1434. By sending a specially crafted UDP packet, a remote attacker can execute arbitrary code on a vulnerable system. The SQL Slammer worm takes advantage of this to spread through local networks and the Internet. The worm first scans rapidly for vulnerable systems, and it is this scanning activity that has degraded service across the entire Internet.
 
Impact
System compromise: remote code execution, worm infection
 
Affected Products
MS SQL 2000 server.
Aliases
Slammer
References
http://www.microsoft.com/technet/security/Bulletin/MS02-039.mspx
http://www.securityfocus.com/bid/5311
http://www.securityfocus.com/bid/5310
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649
http://www.cert.org/advisories/CA-2003-04.html
Recommended Actions
Apply the latest SQL Server patches from Microsoft.
http://www.microsoft.com/technet/security/Bulletin/MS02-039.mspx

Block external access to the Microsoft SQL service on port 1433 and 1434

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED