Microsoft SQL Server UDP Query Remote Version Disclosure

This script is Copyright (C) 2001-2011 H D Moore


Synopsis :

It is possible to determine the remote SQL server version.

Description :

Microsoft SQL server has a function wherein remote users can query the
database server for the version that is being run. The query takes
place over the same UDP port that handles the mapping of multiple SQL
server instances on the same machine.

It is important to note that, after Version 8.00.194, Microsoft
decided not to update this function. This means that the data
returned by the SQL ping is inaccurate for newer releases of SQL
Server.

Solution :

If there is only a single SQL instance installed on the remote host,
consider filter incoming traffic to this port.

Risk factor :

None

Family: Databases

Nessus Plugin ID: 10674 ()

Bugtraq ID:

CVE ID:

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial