Kr0m
OSNN Veteran Addict
- Joined
- 4 Dec 2001
- Messages
- 1,392
I found out about this when I noticed a LARGE number of probes to port 1434/33 to my PC lastnight. Why users or admins don't keep their Servers patched(especially these days) is mind boggling. They need to be slapped!
Internet Security Systems
Quoting their site:
"Synopsis:
ISS X-Force has learned of a worm that is spreading via Microsoft SQL servers. The worm is responsible for
large amounts of Internet traffic as well as millions of UDP/IP probes at the time of this alert's publication.
This worm attempts to exploit MS/SQL servers vulnerable to the SQL Server Resolution service buffer overflow
(CVE CAN-2002-0649). Once a vulnerable computer is compromised, the worm will infect that target, randomly
select a new target, and resend the exploit and propagation code to that host.
Impact:
Although the Slammer worm is not destructive to the infected host, it does generate a damaging level of
network traffic when it scans for additional targets. A large amount of network traffic is created by the
worm, which scans random IP addresses for vulnerable servers."
Internet Security Systems
Quoting their site:
"Synopsis:
ISS X-Force has learned of a worm that is spreading via Microsoft SQL servers. The worm is responsible for
large amounts of Internet traffic as well as millions of UDP/IP probes at the time of this alert's publication.
This worm attempts to exploit MS/SQL servers vulnerable to the SQL Server Resolution service buffer overflow
(CVE CAN-2002-0649). Once a vulnerable computer is compromised, the worm will infect that target, randomly
select a new target, and resend the exploit and propagation code to that host.
Impact:
Although the Slammer worm is not destructive to the infected host, it does generate a damaging level of
network traffic when it scans for additional targets. A large amount of network traffic is created by the
worm, which scans random IP addresses for vulnerable servers."
