New SQL worm

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]

Archivio: Gennaio 2003 ml@sikurezza.org
Soggetto: New SQL worm
Mittente: marco misitano
Data: 26 Jan 2003 19:43:21 -0000

http://www.cert.org/advisories/CA-2003-04.html

The worm targeting SQL Server computers is self-propagating malicious
code that most likely exploits two vulnerabilities in the Resolution
Service of Microsoft SQL Server 2000 vulnerabilities. The vulnerability
documented in VU#370308 allows the keep-alive functionality employed by
the SQL Server Resolution Service to launch a denial of service against
other hosts. Either the vulnerability VU#399260 or VU#484891 allow for
the execution of arbitrary code on the SQL Server computer due to a
buffer overflow. 

Patch per SQL server:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
ity/bulletin/MS02-039.asp

Cura sintomatica; qualche idea di cosa fare sui router di frontiera:
http://www.cisco.com/warp/public/707/newsflash.html


Ciao,
-------------------- --- --  -  - 
 Marco Misitano, CISSP              
 Enterprise Consulting, Security    
 Cisco Systems Italy, Milano        
 Via Torri Bianche, 7               
 20059, Vimercate, MI 
--------- --- -- - -  -   -     


________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List

Data:
- precedente: Re: windows2000 password e domini, Enrico Branca
- successivo: Ms-Sql Worm, -=Quequero=-
- indice

Argomento:
- precedente: Cisco Systems to Acquire Okena, Inc., marco misitano
- successivo: Ms-Sql Worm, -=Quequero=-
- indice

[ Home | Liste | F.A.Q. | Risorse | Cerca... ]

www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005