Microsoft SQL Server UDP Query Remote Version Disclosure

This script is Copyright (C) 2001-2011 H D Moore

Synopsis :

It is possible to determine the remote SQL server version.

Description :

Microsoft SQL server has a function wherein remote users can query the
database server for the version that is being run. The query takes
place over the same UDP port that handles the mapping of multiple SQL
server instances on the same machine.

It is important to note that, after Version 8.00.194, Microsoft
decided not to update this function. This means that the data
returned by the SQL ping is inaccurate for newer releases of SQL

Solution :

If there is only a single SQL instance installed on the remote host,
consider filter incoming traffic to this port.

Risk factor :


Family: Databases

Nessus Plugin ID: 10674 ()

Bugtraq ID: