Metasploit mailing list archives
mssql testing
From: neil-on-metasploit at restricted.dyndns.org (Neil)
Date: Sun, 14 Nov 2004 12:21:25 -0600
Hey guys, I conducted vulnerability test against our machines using the latest Nessus. It tells that our MSSQL is vulnerable. Below is more info. . Vulnerability found on port ms-sql-m (1434/udp) : The remote host MS SQL server is vulnerable to several overflows which could be exploited by an attacker to gain SYSTEM access on that host. Note that a worm (sapphire) is exploiting this vulnerability in the wild. Solution : http://www.microsoft.com/technet/security/bulletin/ms02-061.mspx Risk factor : High CVE : CAN-2002-1137, CAN-2002-1138, CAN-2002-0649, CVE-2002-0650, CAN-2002-1145, CAN-2002-0644, CAN-2002-0645, CAN-2002-0721 BID : 5309, 5310, 5311, 5312, 5481, 5483, 5877, 5980 Other references : IAVA:2003-A-0001, IAVA:2002-B-0004 Am I correct that metasploit's 2 mssql exploit will not work for this kind of vulnerability? If so, how can we make use of metasploit to prove system is vulnerable? Are there other exploit that can be used against this vulnerability? Thanks guys. Neil
Current thread:
- mssql testing Neil (Nov 14)
- mssql testing H D Moore (Dec 16)