Yup this is true... the advisory on our website reflects it. The advisory on our site will always have the latest information. Also we released a free scanning tool that will detect vulnerable SQL and MSDE systems.You can check it on http://www.eeye.com Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities | -----Original Message----- | From: twhiteat_private [mailto:twhiteat_private]On | Behalf Of terry white | Sent: Sunday, January 26, 2003 9:01 PM | To: Marc Maiffret | Cc: Incidents | Subject: Re: SQL Sapphire Worm Analysis | | | on "1-25-2003" "Marc Maiffret" writ: | | : SQL Sapphire Worm Analysis | : | : Systems Affected: | : Microsoft SQL Server 2000 pre SP 2 | | ... it seems to me, i've read that the M$ 'desktop engine' a.k.a. "DE" is | vulnerable to this exploit in some way. in fact, it seems like the DE | was affected where MS-SQL not running ... | | | -- | ... i'm a man, but i can change, | if i have to , i guess ... | | ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Jan 27 2003 - 09:30:33 PST