Microsoft SQL Server and MSDE Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence

Microsoft SQL Server and MSDE Multiple Vulnerabilities
Secunia Advisory:	SA9336	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2003-07-23
Last Update:	2003-07-24
Popularity:	8,699 views

Critical:	Moderately critical
Impact:	Privilege escalation DoS
Where:	From local network
Solution Status:	Vendor Patch

Software:	Microsoft Data Engine (MSDE) 1.0 Microsoft SQL Server 2000 Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Microsoft SQL Server 7

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2003-0230 CVE-2003-0231 CVE-2003-0232

Description: Three vulnerabilities has been identified in Microsoft SQL Server and MSDE allowing local users to escalate their privileges or cause a Denial of Service. 1) Malicious users can hijack the connection of another user who is attempting to authenticate through the named pipe. This allows the malicious user to perform actions with the privileges of the other user. 2) It is possible to cause a Denial of Service by sending large packets to the named pipe on the host running SQL Server or MSDE. This does not require the malicious person to be authenticated. 3) A malicious user who is logged on to the system running SQL Server or MSDE may cause a buffer overflow by sending a malicious packet to the local procedure call (LPC) port on the system. This could be exploited to escalate privileges to those of the SQL Server. Solution: Patches are available: Microsoft SQL Server 7.0: http://microsoft.com/downloads/detail...-9B42-0D291E9C1636&displaylang=en Microsoft SQL 2000 32-bit Edition: http://microsoft.com/downloads/detail...-ADD3-B8C99618E68D&displaylang=en Microsoft SQL 2000 64-bit Edition: http://microsoft.com/downloads/detail...-8F2E-CB1BD3A6A44B&displaylang=en For other systems the patches are available via Windows Update: http://windowsupdate.microsoft.com/ Provided and/or discovered by: Andreas Junstream, @Stake Original Advisory: http://www.microsoft.com/technet/security/bulletin/MS03-031.asp

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

2nd Dec, 2008

New advisories:	14
New vulnerabilities:	21
Updated advisories:	26

Less // 396 views

Linksys WRT160N Cross-Site Scripting Vulnerability

Less // 380 views

IBM Rational ClearQuest Multiple Vulnerabilities

Not // 302 views

Debian update for flamethrower

Not // 291 views

flamethrower Insecure Temporary Files

Less // 348 views

IBM Rational ClearCase Cross-Site Scripting Vulnerability

Not // 339 views

DAHDI "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerability

Not // 333 views

Zaptel "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerabilities

Moderately // 320 views

Rumpus Multiple Vulnerabilities

Less // 336 views

bcoos "cid" SQL Injection Vulnerability

Moderately // 353 views

ASP Portal "ASPPortal.mdb" Database Disclosure Security Issue

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.