CVE-2002-0942
Published 2002-10-04
Priority P432 · high · 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 6.20% (92.6th percentile)
Buffer overflows in Lumigent Log Explorer before 3.02 allow attackers with database permissions to execute arbitrary code via long arguments to the extended stored procedures (1) xp_logattach_StartProf, (2) xp_logattach_setport, or (3) xp_logattach.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lumigent | log_explorer | <= 3.01 | — |
No detection rules found.
Exploit-DB
Lumigent Log Explorer 3.0.1 - XP_LogAttach_SetPort Buffer Overflow
exploitdb·2002-06-14
---
source: https://www.securityfocus.com/bid/5017/info
A buffer overflow vulnerability in xp_logattach.dll has been reported for Lumigent Log Explorer. Specifically, this affects the xp_logattach_setport stored procedure.
If this condition is successfully exploited, it is possible for locations in memory to be overwritten with attacker-supplied instructions, allowing for code execution as the SQL server process. By default, SQL Server runs as a non-privileged user.
It should be noted that extended stored procedures can be run only by the dbo user by default.
```sql
declare @bo varchar(8000)
set @bo = replicate('A', 800)
exec xp_logattach_setport @bo
```
Exploit-DB
Lumigent Log Explorer XP - _LogAttach_StartProf Buffer Overflow
exploitdb·2002-06-14
---
source: https://www.securityfocus.com/bid/5016/info
A buffer overflow vulnerability in xp_logattach.dll has been reported for Lumigent Log Explorer. Specifically, this affects the xp_logattach_StartProf stored procedure.
If this condition is successfully exploited, it is possible for locations in memory to be overwritten with attacker-supplied instructions, allowing for code execution as the SQL server process. By default, SQL Server runs as a non-privileged user.
It should be noted that extended stored procedures can be run only by the dbo user by default.
```sql
declare @bo varchar(8000)
set @bo = replicate('A', 800)
exec xp_logattach_StartProf @bo
```
No writeups or analysis indexed.
References
http://archives.neohapsis.com/archives/bugtraq/2002-06/0146.html
http://online.securityfocus.com/archive/1/277026
http://www.iss.net/security_center/static/9346.php
http://www.lumigent.com/LogExplorer/Support/whatsnew3_03.htm
http://www.securityfocus.com/bid/5016
http://www.securityfocus.com/bid/5017
http://www.securityfocus.com/bid/5018