COMMAND

    Microsoft SQL Server pwdencrypt() buffer overflow

SYSTEMS AFFECTED

    SQL Server 2000 (up to SP2)

PROBLEM

    Martin Rakhmanoff (jimmers) [jimmers@yandex.ru] found:

    Microsoft SQL Server 2000 (up to SP2) suffers from a buffer/heap
    overflow in the built-in hashing function pwdencrypt(). The sample
    code shown below crashes the SQL Server service and may lead to
    arbitrary code execution:

        SELECT pwdencrypt(REPLICATE('A',353))

    On some systems it may require a larger number of characters to
    cause the overflow (1000 is enough in any case).

SOLUTION

    None yet.