Every 5 minutes my firewall warns me that I'm receiving an attack of the type "SQL_SSRP Stack BO"...
I think that as long as the firewall notices it I'm not at risk, but I was wondering, out of curiosity, what it is. I had a read of the information page but didn't understand much of it. Is there some kind soul who can explain it to me in very basic terms?
The information page is the one below; I copied it into the thread. Thanks!


2106151 : Microsoft SQL Server Resolution Service stack buffer overflow
High Risk


Event description

Microsoft SQL Server 2000 is vulnerable to a stack-based buffer overflow in the SQL Server Resolution Service, which is used to direct client requests to the proper port when multiple instances of the SQL Server are running on the same system. By sending a specially-crafted request to UDP port 1434 with the first byte set to 0x04, a remote attacker could overflow a buffer and cause the SQL Server service to crash or execute arbitrary code on the system with the same privileges as the SQL Server.

Note: This vulnerability also affects Cisco CallManager version 3.3(x), Cisco Unity versions 3.x and 4.x, and Cisco Building Broadband Service Manager versions 5.0 and 5.1, which incorporate the use of either SQL Server 2000 or MSDE 2000.

This vulnerability is exploitable using the Slammer worm. The main function of the Slammer worm is propagation, sending 376 bytes of exploit and propagation code across port 1434/UDP until the SQL Server process is shut down. No Distributed Denial of Service (DDoS) or backdoor functionality is incorporated into the worm. Infection can be removed with a reboot; however, without protection in place, it is likely that vulnerable servers will be quickly re-infected.

Products that have this security check

BlackICE Agent for Server
BlackICE PC Protection
BlackICE Server Protection
RealSecure Desktop Protector
RealSecure Guard
RealSecure Network Sensor
RealSecure Sentry
RealSecure Server Sensor

SQL_SSRP_StackBo
This event looks for a UDP packet with destination port 1434 whose 1st byte is 0x04 and whose length is greater than the configurable value ssrp.stackbo.threshold. The default threshold value is 96.



Affected platforms

Cisco BBSM 5.0
Cisco BBSM 5.1
Cisco CallManager 3.3.x
Cisco Unity 3.x
Cisco Unity 4.x
Microsoft .NET Framework 1.0
Microsoft SQL Server 2000
Windows 2000 (Any version)
Windows NT (Any version)

How to remove this vulnerability

For vulnerability detection:

Enable the following checks in the Dynamic Threat Protection platform: MssqlResolutionServiceBo

For Virtual Patch:

Enable the following checks in the Dynamic Threat Protection platform: SQL_SSRP_StackBo

For Manual Protection:

Apply the patch for this vulnerability, as listed in Microsoft Security Bulletin MS02-039. See References.

For Cisco CallManager, Cisco Unity, and Cisco Building Broadband Service Manager: Refer to Cisco Security Advisory 2003 January 26 05:30 GMT for upgrade or patch information. See References.

References

Microsoft Security Bulletin MS02-039
Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875)
http://www.microsoft.com/technet/tre...n/MS02-039.asp

SQLSecurity.com Web site
SQL Server/MSDE-Based Applications
http://www.sqlsecurity.com/DesktopDe...ex=10&tabid=13

Cisco Security Advisory 2003 January 26 05:30 GMT
Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061
http://www.cisco.com/warp/public/707...ms02-061.shtml

NGSSoftware Insight Security Research Advisory #NISR03092002B
Windows .NET Server (RC1) and MSDE
http://www.nextgenss.com/advisories/dotnet-msde.txt

CERT Vulnerability Note VU#484891
Microsoft SQL Server 2000 contains stack buffer overflow in SQL Server Resolution Service
http://www.kb.cert.org/vuls/id/484891

CERT Advisory CA-2002-22
Multiple Vulnerabilities in Microsoft SQL Server
http://www.cert.org/advisories/CA-2002-22.html

NGSSoftware Insight Security Research Advisory #NISR25072002
Unauthenticated Remote Compromise in MS SQL Server 2000
http://www.ngssoftware.com/advisories/mssql-udp.txt

BugTraq
Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
http://www.securityfocus.com/bid/5311

Common Vulnerabilities and Exposures
Multiple buffer overflows in SQL Server 2000 Resolution Service allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption.
http://cve.mitre.org/cgi-bin/cvename...=CAN-2002-0649

DoD Computer Emergency Response Team (DoD-CERT)
Multiple Vulnerabilities in Microsoft SQL Server (IAVA 2003-A-0001)
http://www.cert.mil/
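
The SQL_SSRP_StackBo rule quoted in the post above (UDP destination port 1434, first byte 0x04, length above ssrp.stackbo.threshold) can be written out as a small packet check. This is an added example, not part of the original post and not the vendor's code; it assumes "length" means the UDP payload length, and the helper names and the 192.0.2.x sample addresses are constructed for illustration.

```python
import struct

SSRP_PORT = 1434        # UDP port of the SQL Server Resolution Service
DEFAULT_THRESHOLD = 96  # default of ssrp.stackbo.threshold quoted in the advisory


def build_ipv4_udp(dst_port, payload, src_port=40000):
    """Hypothetical helper: constructed IPv4/UDP packet for offline testing."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + udp  # checksums left at 0; nothing here is sent on a network


def ssrp_stackbo_match(packet, threshold=DEFAULT_THRESHOLD):
    """True if a raw IPv4 packet matches the rule as the advisory words it."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False  # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:
        return False  # bad header length, not UDP, or no room for a UDP header
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False  # non-first fragment carries no UDP header
    _, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dst_port != SSRP_PORT or udp_len < 8:
        return False
    payload = packet[ihl + 8:ihl + udp_len]  # slice also copes with truncation
    # Assumption: "length" in the advisory means the UDP payload length.
    return len(payload) > threshold and payload[0] == 0x04


# Constructed samples (filler bytes only, no real traffic).
SAMPLES = {
    "0x04, short payload": build_ipv4_udp(1434, b"\x04MSSQLSERVER"),
    "0x04, 96-byte payload": build_ipv4_udp(1434, b"\x04" + b"X" * 95),
    "0x04, 97-byte payload": build_ipv4_udp(1434, b"\x04" + b"X" * 96),
    "0x02, long payload": build_ipv4_udp(1434, b"\x02" + b"X" * 200),
    "0x04, long, port 1433": build_ipv4_udp(1433, b"\x04" + b"X" * 200),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:24} alert={ssrp_stackbo_match(pkt)}")
```

Only the 97-byte sample raises an alert: short requests with a 0x04 first byte stay below the threshold, and the 376-byte size the advisory gives for Slammer is well above it.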