Multiple Vulnerabilities in Microsoft SQL Server 2000 and MSDE

Reported July 11, 2002, by Microsoft.

VERSIONS AFFECTED

·         Microsoft SQL Server 2000, all editions

·         Microsoft SQL Server Desktop Engine (MSDE) 2000

DESCRIPTION

Multiple vulnerabilities exist in SQL Server 2000 and MSDE 2000, the most severe of which can lead to remote compromise of the vulnerable server. These vulnerabilities are

·          A buffer overrun vulnerability in a procedure that SQL Server uses to encrypt credential information. An attacker who successfully exploits this vulnerability can gain control over the database and possibly the server, depending on SQL Server's account privileges.

·         A buffer overrun vulnerability in a procedure relating to the bulk insertion of data in SQL Server’s tables. An attacker who successfully exploits this vulnerability can gain control over the database and possibly the server.

·         A privilege elevation vulnerability that results because of incorrect permissions on the registry key that stores the SQL Server service account information. An attacker who successfully exploits this vulnerability can gain greater privileges on the system than the systems administrator has.

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-034 (Cumulative Patch for SQL Server) to address this vulnerability and recommends that affected users download and apply the appropriate patch mentioned in the bulletin. These patches are cumulative and address all previously discovered vulnerabilities in the affected product.

CREDIT
Discovered by Cesar Cerrudo and Mark Litchfield of Next Generation Security Software.