Microsoft SQL Server UDP Query Remote Version Disclosure

This script is Copyright (C) 2001-2011 H D Moore


Synopsis :

It is possible to determine the remote SQL Server version.

Description :

Microsoft SQL Server lets remote users query the database server for
the version it is running. The query uses the same UDP port that
handles the mapping of multiple SQL Server instances on the same
machine.

It is important to note that, after Version 8.00.194, Microsoft
decided not to update this function. This means that the data
returned by the SQL ping is inaccurate for newer releases of SQL
Server.
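
As an added illustration (not part of the plugin or of Nessus), the sketch below parses a reply of the kind this query returns, assuming the SVR_RESP layout from Microsoft's SQL Server Resolution Protocol (MC-SQLR) specification, to show an administrator what the listener discloses. The host name, instance names and sample datagram are constructed, and treating a reported 8.00.194 as possibly stale is a heuristic drawn from the note above.

```python
import struct

SVR_RESP = 0x05               # MC-SQLR response opcode
STALE_BASELINE = "8.00.194"   # last version the page says the reply tracked
ENDPOINT_KEYS = ("tcp", "np")  # connection endpoints commonly present in a reply


def parse_svr_resp(packet: bytes) -> list:
    """Parse an SVR_RESP datagram into one dict per SQL Server instance."""
    if len(packet) < 3 or packet[0] != SVR_RESP:
        raise ValueError("not an SVR_RESP message")
    (size,) = struct.unpack_from("<H", packet, 1)  # little-endian length
    data = packet[3:3 + size]
    if len(data) != size:
        raise ValueError("truncated response")
    instances = []
    # Each instance record ends with ';;'; inside it, fields alternate key;value.
    for record in data.decode("ascii", "replace").split(";;"):
        tokens = record.split(";")
        fields = dict(zip(tokens[0::2], tokens[1::2]))
        if "InstanceName" in fields:
            instances.append(fields)
    return instances


def audit(packet: bytes) -> list:
    """Summarise what each instance discloses to an unauthenticated client."""
    findings = []
    for inst in parse_svr_resp(packet):
        version = inst.get("Version")
        findings.append({
            "instance": inst["InstanceName"],
            "reported_version": version,
            # Heuristic (assumption): the baseline value may hide a newer build.
            "version_may_be_stale": version == STALE_BASELINE,
            "endpoints": {k: inst[k] for k in ENDPOINT_KEYS if k in inst},
        })
    return findings


# Constructed sample reply: one default and one named instance on host DB01.
BODY = (b"ServerName;DB01;InstanceName;MSSQLSERVER;IsClustered;No;"
        b"Version;8.00.194;tcp;1433;np;\\\\DB01\\pipe\\sql\\query;;"
        b"ServerName;DB01;InstanceName;REPORTING;IsClustered;No;"
        b"Version;9.00.1399.06;tcp;49172;;")
SAMPLE = bytes([SVR_RESP]) + struct.pack("<H", len(BODY)) + BODY

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Every field in the output is available without authentication, which is why the reported version should be confirmed against the server itself before it is used for patch tracking.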

Solution :

If there is only a single SQL instance installed on the remote host,
consider filtering incoming traffic to this port.

Risk factor :

None

Family: Databases

Nessus Plugin ID: 10674

Bugtraq ID:

CVE ID: