Microsoft KB Archive/277640

= FIX: Denial of Service Attack with NULL Bytes in RPC Request =

Article ID: 277640

Article Last Modified on 3/14/2006

-

APPLIES TO


 * Microsoft SQL Server 7.0 Standard Edition
 * Microsoft SQL Server 2000 Standard Edition

-



This article was previously published under Q277640



BUG #: 58466 (SQLBUG_70), 236457 (SHILOH)



SYMPTOMS
Multi-protocol (RPC) requests transported by way of TCP/IP Sockets filled with appropriately placed NULL bytes may cause an access violation (AV) within SQL Server, causing the process to terminate. The last line in the errorlog reports the following message:

2000-10-20 12:59:07.56 server SQL Server is aborting. Fatal exception c0000005 caught.



SQL Server 2000
To resolve this problem, obtain the latest service pack for Microsoft SQL Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

290211 INF: How to Obtain the Latest SQL Server 2000 Service Pack

SQL Server 7.0
To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0.



WORKAROUND
You can work around this problem in the following ways:
 * Disable the Multi-protocol Net-Library by using the Server Network Utility.
 * If you are using SQL Server 2000, disable the Multi-protocol Net-Library from using TCP/IP Sockets as a transport with the following steps:
 * Use the Server Network Utility.
 * Select Multi-protocol.
 * Click the Properties button
 * Remove the &quot;ncacn_ip_tcp&quot; entry from the RPC Protocols text box.



SQL Server 2000
Microsoft has confirmed this to be a problem in SQL Server 2000. This problem was first corrected in Microsoft SQL Server 2000 Service Pack 1.

SQL Server 7.0
Microsoft has confirmed this to be a problem in SQL Server 7.0. This problem has been corrected in U.S. Service Pack 3 for Microsoft SQL Server 7.0. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

274799 INF: How to Obtain Service Pack 3 for Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0

For more information, contact your primary support provider.



MORE INFORMATION
This situation can only be encountered by using a malicious nonclient application, because a normal client application will not have null values as part of the RPC request in the manner that this problem requires. For additional information about Microsoft Security Bulletin MS01-041, see the following article in the Microsoft Knowledge Base:

298012 Malformed RPC Request Can Cause Service Problems

Keywords: kbbug kbfix KB277640

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.