Home » Hacking News » Microsoft SQL Server xp_dirtree Buffer Overflow Vulnerability

Microsoft SQL Server xp_dirtree Buffer Overflow Vulnerability

by Nikola Strahija on March 7th, 2002 A vulnerability has been reported in the xp_dirtree function provided with SQL Server. XPs are DLL files that perform high level functions in SQL Server. When called, they invoke a function called Srv_paraminfo() to parse the input parameters.

If an extremely large parameter is passed to the stored procedure xp_dirtree, a buffer overflow condition will occur. Depending on the data supplied, this may cause a denial of service condition, or result in the execution of arbitrary code as the SQL Server process.

This may be related to an older, known problem with unsafe usage of the Srv_paraminfo() function call. This issue is discussed in BID 2030, 2031, 2038, 2039, 2040, 2041, 2042, and 2043. This relationship has not been confirmed.

Remote: Yes

Exploit: No

From the forum

The forums are now OPEN AGAIN!

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Users login

JOIN XATRIX

Microsoft SQL Server xp_dirtree Buffer Overflow Vulnerability

Related articles

Advisories

Vulnerabilities

From the forum

Newsletter signup

Free E-books

Contact