Reported June 13, 2001, by Microsoft.
VERSIONS AFFECTED
- Microsoft SQL Server 2000
- Microsoft SQL Server 7.0
DESCRIPTION
A vulnerability exists in Microsoft SQL Server 2000 and SQL Server 7.0 that can let an attacker execute SQL queries using the system administrator (sa) security context. When a user terminates a client connection to a SQL Server, the connection remains cached for a period of time for performance reasons. One SQL query method is affected by a flaw in the handling of this cache, making it possible for an attacker to use that query method to reuse a cached connection that once belonged to the sa account. An attacker can then take actions on the database (e.g., running code) and, under the right conditions, assume full control of the server.
VENDOR RESPONSE
The vendor, Microsoft, has released security bulletin MS01-032 for this vulnerability and recommends that users immediately apply the patch mentioned in the Microsoft article "Query Method Used to Access Data May Allow Rights that the Login Might Not Normally Have."
CREDIT
Discovered by Microsoft.