Reported June 13, 2001, by Microsoft.
Microsoft SQL Server 2000
Microsoft SQL Server 7.0
A vulnerability exists in Microsoft SQL Server 2000 and SQL Server 7.0 that can let an attacker execute SQL queries in the security context of the system administrator (sa) account. When a user terminates a client connection to a SQL Server, the connection remains cached for a period of time for performance reasons. One SQL query method is affected by a flaw in how this cache is used, making it possible for an attacker to use that query method to reuse a cached connection that once belonged to the sa account. An attacker can then take actions on the database (e.g., running code) and, under the right conditions, assume full control of the server.
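The following is an added example, not code from Microsoft or from the original advisory: a simplified Python model of the flaw class described above, showing a connection cache that hands a cached session to the next caller without checking who owned it, beside a version that reuses a session only for the login that created it. The class names, the `report_user` login and the 60-second lifetime are assumptions made for illustration and do not reflect SQL Server's internal implementation.

```python
class Session:
    """A server-side session bound to the login it was authenticated as."""
    def __init__(self, login):
        self.login = login

    def run(self, query):
        # Report the security context the query would execute under.
        return f"{query!r} executed as {self.login}"


class VulnerableCache:
    """Keeps closed sessions for reuse but ignores who is asking for one."""
    def __init__(self, ttl=60.0):
        self.ttl = ttl          # assumed cache lifetime in seconds
        self._idle = []         # list of (closed_at, session)

    def _expire(self, now):
        self._idle = [(t, s) for t, s in self._idle if now - t < self.ttl]

    def release(self, session, now):
        self._idle.append((now, session))

    def acquire(self, login, now):
        self._expire(now)
        if self._idle:
            # Flaw: the previous owner's security context is kept as-is.
            return self._idle.pop()[1]
        return Session(login)


class HardenedCache(VulnerableCache):
    """Reuses a cached session only for the login that created it."""
    def acquire(self, login, now):
        self._expire(now)
        for i, (_, session) in enumerate(self._idle):
            if session.login == login:
                return self._idle.pop(i)[1]
        return Session(login)   # no match: authenticate a fresh session


def context_after_admin_disconnect(cache_cls, delay=5.0):
    """Return the login a low-privileged caller ends up running as."""
    cache = cache_cls(ttl=60.0)
    admin = cache.acquire("sa", now=0.0)
    cache.release(admin, now=1.0)            # sa disconnects; session is cached
    low = cache.acquire("report_user", now=1.0 + delay)
    return low.login
```

In this model the exposure lasts only while the sa session sits in the cache, which matches the advisory's statement that connections stay cached for a period of time after disconnect.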
The vendor, Microsoft, has released security bulletin MS01-032 for this vulnerability and recommends that users immediately apply the patch mentioned in the Microsoft article "Query Method Used to Access Data May Allow Rights that the Login Might Not Normally Have."
Discovered by Microsoft.