SQL Server Cached Credentials Vulnerability

Reported June 13, 2001, by Microsoft.

VERSIONS AFFECTED

 

  • Microsoft SQL Server 2000

  • Microsoft SQL Server 7.0

DESCRIPTION
A vulnerability exists in Microsoft SQL Server 2000 and SQL Server 7.0 that can let an attacker execute SQL queries using the systems administrator (sa) security context. When a user terminates a client connection to a SQL Server, the connection remains cached for a period of time because of performance reasons. One SQL query method contains this cache vulnerability, making it possible for an attacker to use the query to reuse a cached connection that once belonged to the sa account. An attacker can then take actions on the database (e.g., running code), and under the right conditions, assume full control of the server.

 

VENDOR RESPONSE

The vendor, Microsoft, has released security bulletin MS01-032 for this vulnerability, and recommends that users immediately apply the patch mentioned in Microsoft article "Query Method Used to Access Data May Allow Rights that the Login Might Not Normally Have."

 

CREDIT
Discovered by Microsoft.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish