Check Point Reference: CPAI-2009-289
Date Published: 13 Dec 2009
Severity: Medium
Last Updated: Tuesday 01 October, 2013
Source:
Industry Reference: CVE-2003-0903
Protection Provided by: Security Gateway
Who is Vulnerable?
Vulnerability Description: The SQL Server Resolution Protocol is a simple application-level protocol that is used for the transfer of requests and responses between clients and database server discovery services. Microsoft Data Access Components (MDAC) is a collection of components that provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. When a client system on a network tries to see a list of computers that are running SQL Server and that reside on the network, it sends a broadcast request to all the devices that are on the network. There exists a vulnerability in a specific MDAC component, which may allow an attacker to respond to the broadcast request with a specially-crafted packet that could cause a buffer overflow. Successful exploitation of this vulnerability may allow code execution in the context of the application using the vulnerable MDAC function, and may result in a denial of service condition.
This protection will detect and block attempts to exploit this vulnerability.
To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Microsoft SQL Server Protection Violation.
Attack Information: Microsoft Data Access Components broadcast reply buffer overflow (MS04-003)