Vulnerability Details CVE-2002-0650
The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.252
EPSS Ranking 95.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=102760196931518&w=2
- http://marc.info/?l=ntbugtraq&m=102760479902411&w=2
- http://www.iss.net/security_center/static/9662.php
- http://www.osvdb.org/878
- http://www.securityfocus.com/bid/5312
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-039
- http://marc.info/?l=bugtraq&m=102760196931518&w=2
- http://marc.info/?l=ntbugtraq&m=102760479902411&w=2
- http://www.iss.net/security_center/static/9662.php
- http://www.osvdb.org/878
- http://www.securityfocus.com/bid/5312
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-039
Products affected by CVE-2002-0650
-
cpe:2.3:a:microsoft:sql_server:2000