Computerworld.com en parle beaucoup:
http://www.computerworld.com/securityto ... 98,00.htmlThe problems began at around 12:30 a.m. EST, and initial reports suggest the cause was a worm that exploits a vulnerability in Microsoft Corp.'s SQL Server.
Les plus vulnérables:One of the countries worst affected was South Korea, where most of the nation's fixed-line and mobile Internet users were unable to access Web sites for nearly half of the day.
Problême de vers plat:The antivirus company identified the worm that exploits this weakness as W32.SQLExp.Worm, DDOS_SQLP1434.
Faille dans SQL,retour des packets en loop infinie:A large-scale denial-of-service attack hit the Internet today, causing varying degrees of trouble to computer users and server operators around the world, according to security experts.
The problems began at around 12:30 a.m. EST, and initial reports suggest the cause was a worm that exploits a vulnerability in Microsoft Corp.'s SQL Server.
One of the countries worst affected was South Korea, where most of the nation's fixed-line and mobile Internet users were unable to access Web sites for nearly half of the day.
"The networks of Internet service providers in South Korea were partially down from about 2:30 p.m. today," said Lee Kin Tae, a technical assistant at the Korean Computer Emergency Response Team (CERT) in Seoul. "From around that time, most people in South Korea cannot use the Internet."
From initial technical details, the problems appear to have centered around a vulnerability in Microsoft's SQL Server and its server resolution service, Lee said. The server resolution service provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance, according to Microsoft.
Other reports also point to this vulnerability as the root of the problems. Antivirus software vendor Symantec Corp. said it noticed a significant increase in scans related to the server resolution service at the same time as problems began hitting the Internet in South Korea.
Microsoft identified three problems in its SQL server product in late July and issued a patch to repair all of them. One concerned a vulnerability to denial-of-service attacks in the server resolution service, according to a security bulletin posted on the software company's Web site.
There is also a CERT advisory on the vulnerability.
When a data packet is sent to port 1434, the port used by the service, it replies with a return data packet. A malicious user could change the address on the incoming packet so that it appeared to come from another SQL Server. The return packet would thus be sent to another server, which would in turn send a return packet back, setting up a never-ending loop, said Microsoft. This loop would suck up a large amount of the available resources of the server, making it difficult for legitimate users to access the server.
Une fois de plus le SQL est vraiment trop vulnérable et non rentable pour une Cie!