Multiple Vulnerabilities in Microsoft SQL Server, Microsoft SQL Server Desktop Engine 2000, and Microsoft Data Engine 1.0

Email this Article

Printer-Friendly

View Reader Comments

[October 7, 2002]
Multiple Vulnerabilities in Microsoft SQL Server, Microsoft SQL Server Desktop Engine 2000, and Microsoft Data Engine 1.0
By: Ken Pfeil
Discoveries
InstantDoc #26888
Web Exclusive from Windows IT Pro

Reported October 2, 2002, by Microsoft.

VERSIONS AFFECTED

· Microsoft SQL Server 2000

· Microsoft SQL Server 7.0

· Microsoft SQL Server Desktop Engine 2000

· Microsoft Data Engine 1.0

DESCRIPTION

Three new vulnerabilities exist in SQL Server, Microsoft SQL Server Desktop Engine 2000, and Microsoft Data Engine 1.0, the most serious of which could let an attacker execute arbitrary code on the vulnerable system. These vulnerabilities are

· a buffer overrun in a section of code in SQL Server 2000 and Microsoft SQL Server Desktop Engine 2000 associated with user authentication—By sending a specially malformed logon request to an affected server, an attacker can either cause the server to fail or gain the ability to overwrite the server's memory and potentially run code on the server in the SQL Server service's security context. This vulnerability doesn't require the attacker to successfully authenticate to the server or to be able to issue direct commands to the server.

· a buffer overrun vulnerability that occurs in one of the Database Console Commands that ship as part of SQL Server 2000 and 7.0—By exploiting this vulnerability, an attacker can run code in the SQL Server service's security context.

· a vulnerability associated with SQL Server 2000 and 7.0 scheduled jobs—By default, SQL Server lets unprivileged users create scheduled jobs that the SQL Server Agent executes. A vulnerability stems from the fact that when a job step requests that an output file be created, the SQL Server Agent does so using its own privileges rather than the job owner's privileges. As a result, an unprivileged user can submit a job that either creates a file containing valid OS commands in another user’s Startup folder or overwrites system files to disrupt system operations.

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-056 (Cumulative Patch for SQL Server) to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin. The patch changes the operation of SQL Server to prevent nonadministrative users from running ad hoc queries against non-SQL OLE DB data sources. This new operation helps prevent misuse of poorly coded data providers that might be installed on the server.

CREDIT

Discovered by sk@scan-associates.net, pokleyzz@scan-associates.net and Martin Rakhmanoff.

End of Article

You must log on before posting a comment.

If you don't have a username & password, please register now.

ADS BY GOOGLE SPONSORED LINKS

Microsoft® Tech•Ed EMEA 2008 Developers: Learn through hands-on experience with the newest and coolest development tools and acquire the skills you need to build more streamlined, scalable, and secure applications, Nov. 10-14, 2008 in Barcelona, Spain.

Order Your Fundamentals CD Today!: Learn how to use SQL Server, understand Office integration techniques and dive into the essentials of SQL Express and Visual Basic with this free SQL Fundamentals CD.

Try Idera’s new SQL admin toolset!: 24 essential desktop tools for managing SQL Server for $495.

Evaluating Your Database Infrastructure: The wind of change is in the air for your corporate databases. SQL Server 2008 and other new technologies can mean it is possible to deploy more powerful and effective databases.

True High Availability for SQL Servers: SQL Server DBA’s must ensure that they have some form of protection in place. This seminar gives useful tips on HA and resources that are available for your disaster recovery planning.

Simplify your data management: Affordable multi-database query and design tool-- free trial!

FEATURED LINKS

Coming This Fall - Deploying SharePoint - Live Event Series: Join SharePoint experts for best practices regarding infrastructure, design, forms configurations, and redundancy. Early Bird Price of $99!

SQL Server Magazine Connections Conference: Don’t miss the premier event for Microsoft developers and DBAs in Las Vegas, November 10-13. Register and book your room by August 25 and receive a FREE room night (based on a three night minimum stay).

Find a new job on the all new IT Job Hound!: Search jobs, post your resume, and set up job e-mail alerts!

Virtualization 101 – Live Web Seminar Aug. 21: Get an introduction to all the uses of virtualization and the differences between hosted, hypervisor-based, and OS-level virtualization.

Master SharePoint with 3 eLearning Seminars!: Learn how to customize field types, create scheduled services, and go further with the Content Query Web Part with MVP Andrew Connell. Register today!

Virtualization for Mission-Critical BI with SQL Server: Join this Aug. 20th web seminar to learn a different approach to virtualization for BI-based application infrastructure. Ask questions of live experts!

Windows IT Pro Is Your Definitive Source for BI Tools: Our tools are BI-lateral (relating to both the front and back ends of BI). Build the best platforms and reports with help from SQL Server Magazine. Master data-delivery with solutions in Windows IT Pro. Choose the resource that's right for you.

	SQL Server Magazine Register Subscribe FAQ for Windows WinInfoNews
	Contact Us / Customer Service Editorial Calendar Media Kit Affiliates / Licensing Technical Resources Directory
	Windows IT Pro Office & SharePoint Pro Windows Dev Pro IT Library Connected Home Windows Excavator SuperSite IT Job Hound

	Copyright © 2008 Penton Media, Inc. All rights reserved. Terms and Use Privacy Statement Reprints and Licensing

Search

Related Whitepapers

Related Events

Related eBooks

Related Essential Guides

Related Resources

vLabs Links

SQL Job Openings

ADS BY GOOGLE SPONSORED LINKS

FEATURED LINKS