How do I check to be sure that my system is protected? There are two things to check: If you have installed a version of this patch that protects your SQL 2000 Flaw in output file handling for scheduled jobs(CAN-2002-1138): What's the scope of this vulnerability? What do web tasks and stored procedures have to do with one another? The ability to create web tasks is a system stored procedure. However, constructing a query like this would require the attacker to possess intimate knowledge about the internals of a web site's search function. http://blackplanetsupport.com/microsoft-security/microsoft-security-bulletin-ms02-065.html
Patches for consumer platforms are available from the WindowsUpdate web site Other information: Acknowledgments Microsoft thanks David Litchfield of Next Generation Security Software Ltd. What's wrong with the extended stored procedures? Microsoft recommends that SQL 2000 and MSDE 2000 customers apply the patch from MS02-061. This would consume resources on both systems, slowing performance considerably.
All Rights Reserved Microsoft SQL Server MS02-039 patch (MssqlMs02039Patch) Vuln ID: 9666 Risk Level: High MssqlMs02039Patch Platforms: Microsoft Windows NT: 4.0, Microsoft Windows 2000, Microsoft SQL Server: 2000, Microsoft Windows 2003 Specifically, untrusted users should not be able to load and execute queries of their choice on a database server. What vulnerabilities does this patch eliminate? This is a privilege elevation vulnerability. Neither SQL Server 7.0 nor MSDE 1.0 are affected.
Security Advisories and Bulletins Security Bulletins 2002 2002 MS02-039 MS02-039 MS02-039 MS02-072 MS02-071 MS02-070 MS02-069 MS02-068 MS02-067 MS02-066 MS02-065 MS02-064 MS02-063 MS02-062 MS02-061 MS02-060 MS02-059 MS02-058 MS02-057 MS02-056 MS02-055 MS02-054 MS02-053 Unchecked buffer in SQL Server 2000 authentication function (CAN-2002-1123): What's the scope of this vulnerability? By default, it runs as a Domain User. Anything the user could do, the program also could do.
You can store the programs locally and create applications that send the commands to SQL Server and process the results, or a developer can store the programs as stored procedures in Code Red Worm How might an attacker do this? SQL Server supplies stored procedures for managing SQL Server and displaying information about databases and users. What is MSDE? Microsoft Desktop Engine (MSDE) is a database engine that's built and based on SQL Server technology, and which ships as part of several Microsoft products, including Microsoft Visual Studio
The most direct attack vector would be for the attacker to construct a query that calls the affected extended stored procedures. Knowledge Base articles can be found on the Microsoft Online Support web site. Note: The patch released with this bulletin is effective in protecting SQL Server 2000 and MSDE 2000 against the "SQL Slammer" worm virus. I'm not sure whether my SQL Server 2000 system has had the original patch or the new patch installed.
Is there any other way an attacker would try to exploit this vulnerability? In addition, the attacker could run already created web tasks in the context of the creator of the web task. Microsoft Sql Server Stack Overflow Vulnerability Maximum Severity Rating: Critical Recommendation: System administrators should install the patch immediately. In a worst case, the attacker could add, change or delete data in the database, as well as potentially being able to reconfigure the operating system, install new software, or reformat
Previous versions are no longer supported, and may or may not be affected by these vulnerabilities. check over here Overwriting it with random data would likely result in the failure of the SQL Server service; overwriting it with carefully selected data could allow the attacker to run code in the It is a denial of service vulnerability only. One stored procedure, an extended stored procedure and weak permissions on a table combine to allow a low privileged user the ability to run, delete, insert or update web tasks.
Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. How could an attacker exploit this vulnerability? Yes No Additional feedback? 1500 characters remaining Submit Skip this Thank you! his comment is here Impact of vulnerability: Elevation of privilege.
for reporting this issue to us and working with us to protect customers. Cons: (10 characters minimum)Count: 0 of 1,000 characters 5. By default, SQL Server runs in the security context of a domain user, a context with very limited privileges on the server.
The original patch also eliminated one newly discovered vulnerability in a SQL Server stored procedure. Could this situation occur naturally? No. Denial of Service via SQL Server Resolution Service (CVE-CAN-2002-0650): What's the scope of this vulnerability? This is a denial of service vulnerability. http://blackplanetsupport.com/microsoft-security/microsoft-security-bulletin-ms02-048-download.html Each instance operates for all intents and purposes as though it was a separate server.
A new variant of a vulnerability originally discussed in Microsoft Security Bulletin MS02-038, through which an already authenticated user could gain additional privileges on a SQL Server. For Microsoft SQL Server 2000: Microsoft originally provided a patch for this vulnerability in MS01-060, MS02-007, MS02-020, MS02-034, MS02-038, MS02-039, MS02-043, MS02-056, and MS02-061, but they were superseded by the patch MSDE 2000 is based on SQL Server 2000. It is only necessary to restart the SQL Services Patch can be uninstalled: The readme.txt contained in the downloadable packages contains uninstall instructions.
All rights reserved. The third vulnerability could enable an attacker to cause two affected SQL Servers to engage a never-ending information exchange, for the purpose of slowing the performance of the servers. Security Advisories and Bulletins Security Bulletins 2002 2002 MS02-043 MS02-043 MS02-043 MS02-072 MS02-071 MS02-070 MS02-069 MS02-068 MS02-067 MS02-066 MS02-065 MS02-064 MS02-063 MS02-062 MS02-061 MS02-060 MS02-059 MS02-058 MS02-057 MS02-056 MS02-055 MS02-054 MS02-053 You’ll be auto redirected in 1 second.
The precise amount by which the system's performance would be slowed would depend on a number of factors, such as the processor speed and memory on the SQL Server, the number A vulnerability through which a user could potentially cause a program to run when another user subsequently logged onto the system or overwrite files that the SQL Server Agent service would V1.1 (January 21, 2003): Updated to clarify superseded patches information. All Rights Reserved Overview Specs MySQL Database Server Microsoft Security Bulletin MS02-039 Microsoft SQL Server 2008 Express (64-bit) Microsoft SQL Server Management Studio Express (64-bit) Microsoft SQL Server 2008 Express (32-bit)
The SQL 2000 patch has been changed in two ways: The patch has been incorporated into a self installing package - the original patch did not use an installer. However, installing this patch does not cause the tool to be run. V1.2 (February 28, 2003): Updated "Additional information about this patch" section. Superseded patches: SQL Server 7.0 and MSDE 1.0: This patch supersedes the one provided in Microsoft Security Bulletin MS02-020, which was itself a cumulative patch.
V1.2 (January 31, 2003): Updated to advise of supercedence by MS02-061 and clarify installation order when Hotfix 317748 is applied in conjunction with this security patch. Unchecked buffer in Database Console Commands: Exploiting this vulnerability would allow the attacker to escalate privileges to the level of the SQL Server service account. What causes the vulnerability? The vulnerability results because of a flaw in the SQL Server 2000 keep-alive mechanism,which operates via the Resolution Service.