Heterogeneous Queries Buffer Overflow
February 20, 2002
Risk Level: High

Summary:
SQL Server supports a method of querying data from multiple data sources
referred to as heterogeneous joins. Using heterogeneous joins, data from
other sources, such as file or LDAP directories, can be integrated into
queries through the database.

A buffer overflow has been found in the functions OpenDataSource and
OPENROWSET. When a large buffer is passed as the first parameter to these
functions, memory is overwritten and the database crashes. It is also
possible that this can be used to insert opcodes into memory to be
executed. No exploit code has surfaced yet.

Below is an example which will crash the database:

SELECT * FROM OpenDataSource('AAAAAAAAAAAA(7000 more)','')
SELECT * FROM OPENROWSET('AAAAAAAAAAAA(7000 more)','','')

Fix:
No patch is currently available from Microsoft. A new alert will be posted
when a patch is made available. It is recommended you restrict access to
your database from anonymous sources until a patch is released.
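
The following is an added example, not part of the original advisory: while
access is restricted pending a patch, captured query text can be screened for
OpenDataSource or OPENROWSET calls whose first argument is unusually long.
The 256-character limit, the function names find_oversized_calls and
first_arg_length, and the sample statements are assumptions constructed for
illustration.

```python
import re

# Assumed alerting threshold: the advisory only says a "large buffer"
# (its sample uses roughly 7000 characters), so tune this per environment.
MAX_FIRST_ARG_LEN = 256

# Function name, opening parenthesis, optional N prefix, opening quote.
_CALL = re.compile(r"\b(OpenDataSource|OPENROWSET)\s*\(\s*N?'", re.IGNORECASE)


def first_arg_length(sql, start):
    """Length of the T-SQL string literal whose body begins at `start`.

    A doubled quote ('') is one escaped quote inside the literal. An
    unterminated literal is measured to the end of the statement.
    """
    length, i = 0, start
    while i < len(sql):
        if sql[i] == "'":
            if sql[i + 1:i + 2] != "'":
                break      # closing quote of the literal
            i += 1         # skip the first quote of an escaped pair
        i += 1
        length += 1
    return length


def find_oversized_calls(sql, limit=MAX_FIRST_ARG_LEN):
    """Return (function_name, first_arg_length) for each suspicious call."""
    hits = []
    for m in _CALL.finditer(sql):
        n = first_arg_length(sql, m.end())
        if n > limit:
            hits.append((m.group(1).upper(), n))
    return hits


# Constructed sample statements, as they might appear in a query trace.
SAMPLES = [
    "SELECT * FROM OpenDataSource('SQLOLEDB','Data Source=srv1').db.dbo.t",
    "SELECT * FROM OpenDataSource('" + "A" * 7000 + "','')",
    "select * from openrowset ( N'" + "A" * 7000 + "','','')",
    "SELECT 'OPENROWSET is mentioned here but never called'",
]

if __name__ == "__main__":
    for stmt in SAMPLES:
        print(find_oversized_calls(stmt), stmt[:50])
```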

Credit:
This vulnerability was researched and discovered by Cesar Cerrudo
(cesarc56@yahoo.com).