[Am-info] MS SQL Server OpenRowSet/OpenQuery() overflow
Fred A. Miller
fm@cupserv.org
Fri, 22 Feb 2002 13:19:27 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
MS SQL Server OpenRowSet/OpenQuery() overflow
A released advisory indicates that the OpenRowSet() and OpenQuery()MS
SQL functions are vulnerable to a buffer overflow in the handling
of long provider names. This amounts to at least a denial of service
attack and possibly the execution of arbitrary code.
This vulnerability has not been confirmed.
Source: SecurityFocus Vuln-Dev
http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0588.html
- --
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
- ---KMail 1.3.2--- SuSE Linux v7.3 Pro---
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8douvIhTtc6nTZIIRAv/7AKCjb+XGrqvF1HoTwof5Q+NSZo6u6wCglF9t
EXtM70AgwGMBPiVATMQ6GKk=
=AQrb
-----END PGP SIGNATURE-----