Home page logo

pen-test logo Penetration Testing mailing list archives

MS SQL Server Hello Overflow
From: Dave Aitel <dave () immunitysec com>
Date: 07 Aug 2002 11:26:08 -0400

Since people seem unable to type: export LD_LIBRARY_PATH=. ;
./generic_send_tcp target 1433 audits/MSSQL/mssql.spk; I've attached a
NASL script that will also demonstrate the vulnerability. It even has
the correct ID number and will soon be available from the Nessus
homepage as well, for those of you who do a daily auto-update.

I'm not, however, planning to release NASL scripts for the Exchange 2000
vulnerabilities, nor do I plan to release a working exploit for the SQL
Server vulnerability (except to Immunity, Inc. larger customers, who
have access to all of Immunity's ongoing research.) 

Dave Aitel
Immunity, Inc.

Attachment: mssql_hello_overflow.nasl

Attachment: signature.asc
Description: This is a digitally signed message part

  By Date           By Thread  

Current thread:
  • MS SQL Server Hello Overflow Dave Aitel (Aug 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]