[dba-SQLServer] Slammer worm vulnerability?

Francisco Tapia fhtapia at gmail.com
Wed Jul 12 02:33:22 CDT 2006


I was trying to put a network co-worker's mind at ease, to assure him that
all my SQL servers are patched and up to date, when I ran MS's sqlscan
utility and found the following lines very, very disturbing! The snapshot
below is a snapshot of my SQL servers, and even though the SQL Version shows
them at 8.00.2039 (SP4), the program came back reporting them vulnerable.
None of them have blank SA passwords either, and some of the servers have
alternate listening ports from 1433, so what gives?

Instance Name    Status    SQL Version    Product Level    Language    MSDE Product Code    MSDE Package Name    sqlservr.exe Product    sqlservr.exe File    ssnetlib.dll Product    ssnetlib.dll File    Platform    OS Version

MSSQLSERVER    VULNERABLE    8    RTM    1033    N/A    N/A    8.00.194    2000.080.0194.00    8.00.194    2000.080.0194.00    NT    5
MSSQLSERVER    VULNERABLE    8    Unknown    1033    N/A    N/A    8.00.2039    2000.080.2039.00    8.00.2039    2000.080.2039.00    NT    5.2
MSSQLSERVER    VULNERABLE    8    Unknown    1033    N/A    N/A    8.00.2039    2000.080.2039.00    8.00.2039    2000.080.2039.00    NT    5.2
MSSQLSERVER    VULNERABLE    8    Unknown    1033    N/A    N/A    8.00.2039    2000.080.2039.00    8.00.2039    2000.080.2039.00    NT    5
MSSQLSERVER    VULNERABLE    8    Unknown    1033    N/A    N/A    8.00.2039    2000.080.2039.00    8.00.2039    2000.080.2039.00    NT    5.2
MSSQLSERVER    VULNERABLE    8    Unknown    1033    N/A    N/A    8.00.2039    2000.080.2039.00    8.00.2039    2000.080.2039.00    NT    5.2
MSSQLSERVER    VULNERABLE    8    Unknown    1033    N/A    N/A    8.00.2039    2000.080.2039.00    8.00.2039    2000.080.2039.00    NT    5
MSSQLSERVER    VULNERABLE    8    Unknown    1033    N/A    N/A    8.00.2039    2000.080.2039.00    8.00.2039    2000.080.2039.00    NT    5.2


-- 
-Francisco
http://pcthis.blogspot.com |PC news with out the jargon!
http://sqlthis.blogspot.com | Tsql and More...


