i had double check this...since i was pretty sure i posted simething like this last week...turns out this is a different buffer overflow...it's so confusin...there's so many



INFORMATION ALERT
AN EMERGING ISSUE WITH:
MICROSOFT SQL SERVER (VERSIONS 7 AND 2000) BUFFER OVERFLOW
SEVERITY:
Medium
DATE:
February 21, 2002
SUMMARY:
On February 20, Microsoft released a security bulletin describing a
buffer overflow in its SQL Server version 7 and 2000. Attackers can
use the buffer overflow to either stop or crash the SQL server
entirely, or to execute any command on the system that the SQL
server itself can execute. Administrators should download and install the patch from
Microsoft as soon as is practical.

EXPOSURE:
Microsoft SQL servers can connect to other data sources using an "ad
hoc" connection. An ad hoc connection connects a database to its
data source temporarily, when the effort to set up a more permanent
connection is not justified. The buffer overflow occurs in the code
that enables this type of database connection.

If the attack is successful, the attacker will be able to do
anything the SQL service itself can do: delete files, add files,
change data in the database, etc. The only restriction on the
attacker's actions would be those imposed by the operating system on
the SQL service. Most SQL servers are installed with only user level
permissions, limiting what an attacker can do without a further
attack to elevate those privileges to administrator level.

If the attack is unsuccessful, the SQL service itself will probably
crash as a result of the attempt, requiring a manual restart of the
service.

If you allow traffic to or from your SQL server, then it may be
possible for an attacker to exploit this vulnerability as long as
the attacker can pass a query to the vulnerable server. To do this,
the attacker would need to gain access to an account on the server
by: compromising a Web application; sniffing a user name or password
off the wire (not all SQL authentication uses strong encryption);
social engineering; or guessing the password for a known username.