MS SQL Worm Roundup
by HNS Staff - last update: 29 January 2003,11:20 AM CET
Slammer (Helkern/Sapphire) is a worm that attempts to exploit vulnerabilities in Microsoft SQL 2000 servers and is causing increased traffic on UDP port 1434. This roundup contains the analysis, latest news updates, solutions, security advisories, AV vendor releases and a removal too for this worm.



CERT/CC - CERT Advisory CA-2003-04 - MS-SQL Server Worm

The CERT/CC has received reports of self-propagating malicious code that exploits multiple vulnerabilities in the Resolution Service of Microsoft SQL Server 2000. The propagation of this worm has caused varied levels of network degradation across the Internet, in addition to the compromise of vulnerable machines



Kaspersky Labs: "Helkern": 367 Bytes That Shook The World

Kaspersky Labs, an international data security software developer, is warning users against the new Internet-worm "Helkern" (also known as "Slammer") that infects servers running under the popular Web-enabled database Microsoft SQL Server 2000.



eEye - SQL Sapphire Worm Analysis

Late Friday, January 24, 2003 we became aware of a new SQL worm spreading quickly across various networks around the world. Besides the analysis, the disassembled worm code is available here.



NGSSoftware (HNS mirror) - Unauthenticated Remote Compromise in MS SQL Server 2000

NGSSoftware July 25th advisory described the security issue that this worm exploits. Microsoft's database server SQL Server 2000 exhibits two buffer overrun vulnerabilities that can be exploited by a remote attacker without ever having to authenticate to the server.



Black Hat Briefings Archive - David Litchfield MS SQL UDP Speech (Real Audio)

This is an archive of the speech David Litchfield gave at the July's Black Hat Briefing, in which he reveals the MS SQL UDP problem that turned into the SQL Hell/Slammer/Sapphire worm, fire up Real Player and check out the video.



Microsoft Security Bulletin MS02-039 - Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution

Three vulnerabilities, the most serious of which could enable an attacker to gain control over an affected SQL Server 2000 installation. This Micosoft security bulletin deals with the issues the SQL worm is exploiting.



Cisco - MS SQL "Sapphire" Worm Mitigation Recommendations

Cisco customers are currently experiencing attacks due to a new worm that has hit the Internet. The signature of this worm appears to be high volumes of UDP traffic to port 1434. Affected customers have been experiencing high volumes of traffic from both internal and external systems. Symptoms on Cisco devices include, but are not limited to high CPU and traffic drops on the input interfaces.

Spotlight

Most popular Android apps open users to MITM attacks

Posted on 21 August 2014.  |  An analysis of the 1,000 most popular free Android apps from the Google Play store has revealed a depressing fact: most of them sport an SSL/TLS vulnerability that can be misused for executing MITM attacks, and occasionally additional ones, as well.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Aug 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //