This attack could pose a moderate security threat. It does not require immediate action.
This signature detects an attempt to exploit a vulnerability in MS SQL.
A vulnerability has been discovered in Microsoft SQL Server that could make it possible for remote attackers to gain access to target hosts.
It is possible for an attacker to cause a buffer overflow condition on the vulnerable SQL server with a malformed login request.
This vulnerability reportedly occurs even before authentication can proceed. Microsoft SQL Server listens for connections on TCP port 1433.
An attacker can exploit this vulnerability by sending specially crafted packets to TCP port 1433 which causes SQL Server to crash and possibly execute attacker supplied code.
It is possible that this issue may be remotely exploitable to execute arbitrary code as the SQL Server process.
This vulnerability was reported in BugTraq ID 5868, Multiple Microsoft SQL Server Vulnerabilities.
- Microsoft Data Engine 2000
- Microsoft SQL Server 2000 SP1, SP2