Multiple Vulnerabilities in Microsoft SQL Server 2000 and MSDE

Multiple vulnerabilities exist in SQL Server 2000 and MSDE 2000, the most severe of which can lead to remote compromise of the vulnerable server.

Ken Pfeil

July 11, 2002


Reported July 11, 2002, by Microsoft.

VERSIONS AFFECTED

· Microsoft SQL Server 2000, all editions

· Microsoft SQL Server Desktop Engine (MSDE) 2000

 

DESCRIPTION

Multiple vulnerabilities exist in SQL Server 2000 and MSDE 2000, the most severe of which can lead to remote compromise of the vulnerable server. These vulnerabilities are:

· A buffer overrun vulnerability in a procedure that SQL Server uses to encrypt credential information. An attacker who successfully exploits this vulnerability can gain control over the database and possibly the server, depending on SQL Server's account privileges.

· A buffer overrun vulnerability in a procedure relating to the bulk insertion of data in SQL Server’s tables. An attacker who successfully exploits this vulnerability can gain control over the database and possibly the server.

· A privilege elevation vulnerability that results because of incorrect permissions on the registry key that stores the SQL Server service account information. An attacker who successfully exploits this vulnerability can gain greater privileges on the system than the systems administrator has.

 

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS02-034 (Cumulative Patch for SQL Server) to address these vulnerabilities and recommends that affected users download and apply the appropriate patch mentioned in the bulletin. These patches are cumulative and address all previously discovered vulnerabilities in the affected product.

 

CREDIT
Discovered by Cesar Cerrudo and Mark Litchfield of Next Generation Security Software.
