Microsoft SQL Server UDP Query Remote Version Disclosure

This script is Copyright (C) 2001-2011 H D Moore

Synopsis :

It is possible to determine the remote SQL server version.

Description :

Microsoft SQL server has a function wherein remote users can query the
database server for the version that is being run. The query takes
place over the same UDP port that handles the mapping of multiple SQL
server instances on the same machine.

It is important to note that, after Version 8.00.194, Microsoft
decided not to update this function. This means that the data
returned by the SQL ping is inaccurate for newer releases of SQL

Solution :

If there is only a single SQL instance installed on the remote host,
consider filter incoming traffic to this port.

Risk factor :


Family: Databases

Nessus Plugin ID: 10674 ()

Bugtraq ID:


Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial