REALLY HACKING SQL SERVER 2000. Less Theory – More Action Jasper Smith . Agenda. Slammer review and Tools SQL Password Sniffing Decoding WITH ENCRYPTION Privilege Escalation UDP 1434 Exploits Links to security resources Questions ?. What’s not covered.
Less Theory – More Action
Memory resident worm that propagates via UDP Port 1434 and exploits a vulnerability in the SQL Server Resolution Service
First patch available July 2002
Difficulty of installing security hotfixes hampered deployment (tools now available)
Too many exposed servers without Firewalls
MSDE difficult to patch and identify – installed by many products
 Threat Profiling SQL Server by David Litchfield http://www.nextgenss.com/papers/tp-SQL2000.pdf