ATLAS Attack Report: Global Microsoft SQL Server version buffer overflow attempt

Attack Report

Global Microsoft SQL Server version buffer overflow attempt

View:
Activity
Sources

Output:
Print
XML
CSV

Activity (past 24 hours)

By Service

Service	Attacks per subnet	Percentage
UDP/1434 (ms-sql-m)	239.47	100.0%
Other	0.00	0.0%

Sources (past 24 hours)

By Country

Country	Attacks per subnet	Percentage
CN (China)	220.45	92.1%
JP (Japan)	4.03	1.7%
US (United States)	3.91	1.6%
IN (India)	2.23	0.9%
BR (Brazil)	1.72	0.7%
BG (Bulgaria)	1.37	0.6%
AR (Argentina)	0.87	0.4%
DE (Germany)	0.60	0.3%
PL (Poland)	0.52	0.2%
ES (Spain)	0.42	0.2%
Other	3.36	1.4%

By ASN

ASN	Attacks per subnet	Percentage
AS4134 (CHINANET-BACKBONE)	147.02	61.4%
AS4837 (CHINA169-BACKBONE)	38.25	16.0%
AS17431 (TONET)	25.06	10.5%
AS24444 (CMNET-V4SHANDONG-AS-AP)	4.99	2.1%
AS4812 (CHINANET-SH-AP)	4.03	1.7%
AS4713 (OCN)	2.33	1.0%
AS17447 (NET4INDIA)	1.80	0.7%
AS42081 (SPEEDY-NET-AS)	1.27	0.5%
AS14463 (TDKOM)	1.24	0.5%
AS2510 (INFOWEB)	0.74	0.3%
Other	12.75	5.3%

By Host

Host	Attacks per subnet	Percentage
61.134.56.18	26.58	11.1%
202.99.11.99	25.06	10.5%
218.75.199.50	24.82	10.4%
61.153.50.237	24.49	10.2%
58.20.154.23	22.46	9.4%
61.132.223.14	19.78	8.3%
218.64.237.219 (219.237.64.218.broad.yt.jx.dynamic.163data.com.cn)	15.35	6.4%
124.165.225.109	14.39	6.0%
222.82.249.235	9.72	4.1%
59.173.0.149	6.22	2.6%
Other	50.60	21.1%

Background

Description

Microsoft SQL Server version buffer overflow attempt

Vulnerabilities

CVE-2002-0649

Age: 2172 days

Severity: High

CVSS Score: 7.5

Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.