Skip navigation
Menu
Security

Multiple Vulnerabilities In Microsoft SQL

Reported July 23, 2003, by Microsoft.

 

VERSIONS AFFECTED

 

  • Microsoft SQL Server 2000 and 7.0

  • Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)

  • Microsoft Data Engine (MSDE) 1.0

 

DESCRIPTION

 

Three new vulnerabilities exist in SQL Server 2000, SQL Server 7.0, MSDE 2000, and MSDE 1.0, the most serious of which can result in the execution of arbitrary code on the vulnerable computer. These vulnerabilities are as follows:

 

  • Named Pipe Hijacking
    A flaw exists in the checking method for the named pipe. The flaw can permit an attacker local to the SQL Server system to gain control of the named pipe during another client's authenticated logon. The attacker could then gain control of the named pipe at the same permission level as the user who is attempting to connect. If the user has a higher level of permissions than the attacker, the attacker will assume those rights when the named pipe is compromised.

  • Named Pipe Denial of Service
    In the same named-pipes scenario as above, an unauthenticated user who is local to the intranet can send a large packet to a specific named pipe on which the SQL Server system is listening and cause it to become unresponsive. This scenario can create a Denial of Service (DoS) condition that would require a server restart to restore functionality.

  • SQL Server Buffer Overrun
    A flaw in a specific Windows function might permit an authenticated user--with direct access to log on to the SQL Server system --to create a specially crafted packet that could cause a buffer overrun when sent to the system's listening local procedure call (LPC) port. This flaw can allow a user with limited system permissions to elevate his or her permissions to the level of the SQL Server service account or cause arbitrary code to run.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-031, "Cumulative Patch for Microsoft SQL Server (815495)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Discovered by Andreas Junstream of @Stake.

TAGS: Security SQL
Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
DevSecOps concept
90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
Apr 20, 2024
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024