xp_dirtree Buffer Overflow
March 6, 2002
To determine if you are vulnerable to this attack, download AppDetective
from:
http://www.appsecinc.com/products/appdetective/mssql
Risk level: High
Summary:
The extended stored procedure xp_dirtree contains a buffer overflow.
When a large Unicode buffer is passed as the first parameter to the extended
stored procedure xp_dirtree, a buffer overflow occurs. The following command
causes the database to crash and results in an exploitable vulnerability.
xp_dirtree N'XXXXXX<and an additional 5000 Xs>...'
Fix:
No patch is available yet. The current workaround is to drop the extended
stored procedure and delete the DLL from the operating system.
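The workaround above expressed as T-SQL, as an added example that is not part
of the original advisory. It assumes SQL Server 2000 system tables (sysobjects,
syscomments) and a sysadmin login, and it lists the other extended procedures
served by the same DLL before the file is deleted, because removing a shared
DLL disables those procedures as well.

```sql
-- Added example: assumes SQL Server 2000, run in master as a sysadmin.
USE master
GO

-- 1. Confirm xp_dirtree is registered and note the DLL that implements it.
EXEC sp_helpextendedproc 'xp_dirtree'
GO

-- 2. Record the current grants so they can be restored once a patch ships.
--    (Reports an error if no permissions have been granted on the object.)
EXEC sp_helprotect 'xp_dirtree'
GO

-- 3. List every extended procedure registered against the same DLL.
--    If anything other than xp_dirtree appears here, deleting the DLL file
--    will break those procedures too; decide on that before touching the file.
SELECT o.name AS extended_proc, c.text AS dll
FROM dbo.sysobjects o
JOIN dbo.syscomments c ON c.id = o.id
WHERE o.xtype = 'X'
  AND c.text IN (SELECT c2.text
                 FROM dbo.sysobjects o2
                 JOIN dbo.syscomments c2 ON c2.id = o2.id
                 WHERE o2.xtype = 'X' AND o2.name = 'xp_dirtree')
ORDER BY o.name
GO

-- 4. Unregister the procedure so it can no longer be called through SQL.
EXEC sp_dropextendedproc 'xp_dirtree'
GO

-- 5. Verify the drop: this query should return zero rows.
SELECT name FROM dbo.sysobjects WHERE xtype = 'X' AND name = 'xp_dirtree'
GO
```

Keep the output of steps 1 to 3 with the change record so the procedure can be re-registered with sp_addextendedproc after a vendor patch is applied.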
Credit:
This vulnerability was researched and discovered by Cesar Cerrudo
(cesarc56@yahoo.com).