PT-2002-1685 · Microsoft · SQL Server 2000
Published: 2002-08-12 · Updated: 2018-10-12 · CVE-2002-0650
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Microsoft SQL Server 2000
Description
The issue allows remote attackers to cause a denial of service, specifically bandwidth consumption, by sending a "ping" style packet to the Resolution Service on UDP port 1434 with a spoofed IP address of another SQL Server system. This action causes the two servers to exchange packets in an infinite loop.
Recommendations
For Microsoft SQL Server 2000, consider restricting access to the Resolution Service on UDP port 1434 to prevent spoofed packets from initiating the denial of service. As a temporary workaround, consider implementing firewall rules to block unsolicited UDP traffic on port 1434.
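An added detection example, not part of the original advisory: it scans UDP flow records for pairs of hosts exchanging heavy traffic with port 1434 on both ends in both directions, which is how the packet loop described above would appear on the wire. The flow-record layout, the sample addresses and the `min_packets` threshold are assumptions made for illustration.

```python
from collections import defaultdict

RESOLUTION_PORT = 1434  # SQL Server Resolution Service (UDP), per the advisory

# Constructed sample UDP flow records (assumed layout):
# (epoch_seconds, src_ip, src_port, dst_ip, dst_port, packets)
SAMPLE_FLOWS = [
    (1000, "10.0.5.20", 51234, "10.0.1.10", 1434, 1),     # ordinary client lookup
    (1000, "10.0.1.10", 1434, "10.0.5.20", 51234, 1),     # its reply
    (1001, "10.0.1.10", 1434, "10.0.1.11", 1434, 48000),  # server to server, 1434 on both ends
    (1001, "10.0.1.11", 1434, "10.0.1.10", 1434, 47950),  # and the return direction
    (1002, "10.0.1.12", 1434, "10.0.1.10", 1434, 3),      # one direction only, low volume
]


def find_resolution_loops(flows, min_packets=1000):
    """Return host pairs with heavy UDP 1434<->1434 traffic in both directions.

    Assumption: the service replies to the source port of the packet it
    received, so a self-sustaining exchange between two servers has port
    1434 on both ends. Normal client lookups use an ephemeral source port
    and are ignored.
    """
    per_direction = defaultdict(int)
    for _ts, src, sport, dst, dport, pkts in flows:
        if sport == RESOLUTION_PORT and dport == RESOLUTION_PORT:
            per_direction[(src, dst)] += pkts

    findings = []
    for (src, dst), pkts in per_direction.items():
        if src < dst:  # visit each unordered host pair once
            back = per_direction.get((dst, src), 0)
            if pkts >= min_packets and back >= min_packets:
                findings.append({"hosts": (src, dst), "packets": pkts + back})
    return sorted(findings, key=lambda f: f["packets"], reverse=True)


if __name__ == "__main__":
    for finding in find_resolution_loops(SAMPLE_FLOWS):
        print("possible Resolution Service loop:", finding)
```

Hosts flagged this way are candidates for the access restriction on UDP port 1434 recommended above.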
Fix
Related Identifiers
Affected Products
SQL Server 2000