Microsoft SQL Server 2000 pwdencrypt() buffer overflow

From: martin rakhmanoff (jimmersat_private)
Date: Fri Jun 14 2002 - 06:24:11 PDT


    Microsoft SQL Server 2000 (up to SP2) suffers from a buffer/heap overflow in the
    built-in hashing function pwdencrypt(). The sample code shown below crashes the
    SQL Server service and may lead to arbitrary code execution:
    
    SELECT pwdencrypt(REPLICATE('A',353))
    
    On some systems it may require a larger number of characters to cause the
    overflow (1000 is enough in any case).
    
    This was confirmed by Microsoft, but it is not known when the patch will be
    released.
    
    Cheers
    
    Martin Rakhmanoff (jimmers)
    jimmersat_private
    
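A defender-side check that can be run over captured statement text, added here as an example and not part of the original post or of SQL Server itself: it extracts the argument of each pwdencrypt() call, works out the length a string literal or REPLICATE(literal, n) argument would produce, and flags any call at or above the 353-character figure from the post. The sample statements and the function names are constructed for illustration; a variable or column argument cannot be sized from text alone and is left unflagged.

```python
import re

# Threshold from the advisory: REPLICATE('A',353) crashed the reporter's SQL Server 2000.
OVERFLOW_THRESHOLD = 353
_CALL_RE = re.compile(r"pwdencrypt\s*\(", re.IGNORECASE)
_REPLICATE_RE = re.compile(r"\s*replicate\s*\(\s*N?'((?:[^']|'')*)'\s*,\s*(\d+)\s*\)\s*", re.I)
_LITERAL_RE = re.compile(r"\s*N?'((?:[^']|'')*)'\s*", re.I)

def pwdencrypt_arguments(sql):
    """Raw argument text of each pwdencrypt(...) call, balancing nested parentheses."""
    args = []
    for m in _CALL_RE.finditer(sql):
        depth, start = 1, m.end()
        for i in range(start, len(sql)):
            depth += {"(": 1, ")": -1}.get(sql[i], 0)
            if depth == 0:
                args.append(sql[start:i])
                break
    return args

def literal_length(arg):
    """Length of the string a literal or REPLICATE(literal, n) argument yields; None otherwise."""
    m = _REPLICATE_RE.fullmatch(arg)
    if m:
        return len(m.group(1).replace("''", "'")) * int(m.group(2))
    m = _LITERAL_RE.fullmatch(arg)
    return len(m.group(1).replace("''", "'")) if m else None

def scan_log(log, threshold=OVERFLOW_THRESHOLD):
    """(line_number, argument_length) for every call whose argument reaches the threshold."""
    hits = []
    for lineno, line in enumerate(log.splitlines(), 1):
        for arg in pwdencrypt_arguments(line):
            n = literal_length(arg)
            if n is not None and n >= threshold:
                hits.append((lineno, n))
    return hits

# Constructed sample of captured statements (not real traffic), one per line.
SAMPLE_LOG = """\
SELECT pwdencrypt(@pwd)
SELECT pwdencrypt('secret')
SELECT pwdencrypt(REPLICATE('A',353))
select PWDENCRYPT(replicate('AB', 600))
SELECT name FROM sysusers
"""

if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG))  # [(3, 353), (4, 1200)]
```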



    This archive was generated by hypermail 2b30 : Fri Jun 14 2002 - 07:54:19 PDT