SQL Server Performance

Slammer Code

Discussion in 'Forum Announcements' started by gaurav_bindlish, Jun 26, 2003.

  1. gaurav_bindlish New Member

  2. vbkenya New Member

    Coding this worm sounds simple.

    How many other products (Microsoft or otherwise) still exhibit this kind of vulnerability (Buffer Overflow with open UDP ports) today?



    Nathan H.O.
  3. gaurav_bindlish New Member

    I think we have the buffer overflow patches almost every week for internet explorer.

    Gaurav
  4. Chappy New Member

    > Coding this worm sounds simple.

    Sounds simple, sure. But you still have to be quite talented to actually code the exploit from scratch. The code which overflows the buffer must not utilise a '0' byte anywhere within it (else it often causes the memory copy operation to terminate prematurely); if you know much about assembly you'll realise this is often a lot harder than it sounds.
    The upshot is that the author must often go to quite some lengths to format any zeroed data he uses, without quoting it as literal values.

    > How many other products (Microsoft or otherwise) still exhibit this kind of vulnerability
    > (Buffer Overflow with open UDP ports) today?

    I'd say many. Microsoft are no worse than anyone I think, but obviously they are a more attractive target to someone willing to spend the time in the first place. What galls me most is that 90% of buffer overflows are so easily avoided. The unbounded strcpy api is responsible for a great deal of attacks. Switch it to strlcpy and you instantly seal one potential hole. Why anyone is even still using strcpy despite the raised awareness of its problems is beyond me (but yes, even some recent software still uses it, and even if it's not necessarily always exploitable, it's still bad practice).

    Anyway, sorry if I'm drifting this slightly off topic :) Just my 2p worth.
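    The two points in the post above, that a C string copy stops at the first zero byte and that an unbounded strcpy into a fixed buffer is easily replaced by a bounded copy, as an added C example that is not code from this thread; the record struct, NAME_LEN and all function names are constructed for the demonstration.

```c
#include <string.h>

#define NAME_LEN 16   /* constructed fixed-size field for the demonstration */

struct record { char name[NAME_LEN]; int flags; };

/* The pattern the post describes: an unbounded strcpy into a fixed buffer.
 * Nothing stops a longer input from running over r->flags and beyond. */
void set_name_unbounded(struct record *r, const char *input) {
    strcpy(r->name, input);   /* only safe while strlen(input) < NAME_LEN */
}

/* Why a zero byte inside the input matters: strcpy (and the C string
 * functions generally) stop at the first NUL, so this returns how many
 * bytes such a copy would actually write, including the terminator. */
size_t strcpy_would_write(const unsigned char *src, size_t src_len) {
    size_t n = 0;
    while (n < src_len && src[n] != 0)
        n++;
    return n + 1;
}

/* Hardened replacement with strlcpy semantics (written out here because
 * strlcpy is not available on every libc): never writes past dst_size,
 * always NUL-terminates, and returns strlen(src) so the caller can tell
 * whether the copy was truncated. */
size_t bounded_copy(char *dst, size_t dst_size, const char *src) {
    size_t src_len = strlen(src);
    if (dst_size == 0)
        return src_len;
    size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return src_len;
}

/* Safe setter: returns 1 if the whole name was stored, 0 if truncated. */
int set_name(struct record *r, const char *input) {
    return bounded_copy(r->name, sizeof r->name, input) < sizeof r->name;
}

/* Helper for checking the result: length of what set_name actually stored. */
size_t stored_name_len(const char *input) {
    struct record r;
    set_name(&r, input);
    return strlen(r.name);
}
```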
  5. vbkenya New Member

  6. vbkenya New Member

    I agree with chappy on the strcpy stuff.

    Is it possible that this is an artifact carried over from the Sybase days and was overlooked over time by the MSSQL server 'programmers'?



    Nathan H.O.
  7. vbkenya New Member

  8. satya Moderator

  9. vbkenya New Member

    The Folly of Publishing the Slammer Code.

    http://sci.newsfactor.com/perl/printer/21780/

    Nathan H.O.
    Moderator
    SQL-Server-Performance.com
