
Microsoft SQL Server xp_dirtree Buffer Overflow Vulnerability

by Nikola Strahija on March 7th, 2002

A vulnerability has been reported in the xp_dirtree extended stored procedure provided with SQL Server. Extended stored procedures (XPs) are DLL files that perform high-level functions in SQL Server. When called, they invoke a function called Srv_paraminfo() to parse the input parameters.

If an extremely large parameter is passed to the stored procedure xp_dirtree, a buffer overflow condition will occur. Depending on the data supplied, this may cause a denial of service condition or result in the execution of arbitrary code with the privileges of the SQL Server process.

This may be related to an older, known problem with unsafe usage of the Srv_paraminfo() function call. That problem is discussed in BIDs 2030, 2031, 2038, 2039, 2040, 2041, 2042, and 2043. The relationship has not been confirmed.

Remote: Yes

Exploit: No
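
An added example, not part of the original advisory: one way a defender could flag xp_dirtree calls that carry oversized string arguments in logged SQL statements. The 260-character threshold, the function names and the sample statements are assumptions constructed for illustration.

```python
import re

# Assumed review threshold (not from the advisory): real directory paths are
# short, so a longer string argument to xp_dirtree deserves a closer look.
MAX_ARG_LEN = 260

# The procedure name, however it is qualified (master..xp_dirtree, [xp_dirtree]).
CALL_RE = re.compile(r"\bxp_dirtree\b", re.IGNORECASE)
# A T-SQL string literal: optional N prefix, '' is an escaped quote.
STR_RE = re.compile(r"N?'((?:[^']|'')*)'", re.IGNORECASE)


def oversized_args(statement, max_len=MAX_ARG_LEN):
    """Return the lengths of string literals passed after xp_dirtree
    that exceed max_len (empty list when nothing stands out)."""
    call = CALL_RE.search(statement)
    if call is None:
        return []
    lengths = []
    for match in STR_RE.finditer(statement, call.end()):
        value = match.group(1).replace("''", "'")  # undo quote escaping
        if len(value) > max_len:
            lengths.append(len(value))
    return lengths


def scan(statements, max_len=MAX_ARG_LEN):
    """Return (line_number, lengths) for every statement worth reviewing."""
    findings = []
    for number, statement in enumerate(statements, start=1):
        lengths = oversized_args(statement, max_len)
        if lengths:
            findings.append((number, lengths))
    return findings


# Constructed sample statements, as they might appear in a SQL audit trace.
SAMPLE_STATEMENTS = [
    "EXEC master..xp_dirtree 'C:\\Inetpub', 1, 1",
    "exec master.dbo.xp_dirtree N'" + "A" * 4000 + "'",
    "SELECT name FROM sysobjects WHERE name = 'xp_dirtree'",
    "EXEC [xp_dirtree] 'D:\\it''s here'",
]

if __name__ == "__main__":
    for number, lengths in scan(SAMPLE_STATEMENTS):
        print(f"statement {number}: xp_dirtree argument length(s) {lengths}")
```

String arguments assembled at run time from variables or expressions are not literals, so this check does not measure them.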
