Database Journal
MS SQL Oracle DB2 Access MySQL PostgreSQL Sybase PHP SQL Etc SQL Scripts & Samples Links Database Forum

» Database Journal Home
» Database Articles
» Database Tutorials
MS SQL
Oracle
DB2
MS Access
MySQL
» RESOURCES
Database Tools
SQL Scripts & Samples
Links
» Database Forum
» Sitemap
Free Newsletters:
DatabaseDaily  
News Via RSS Feed


follow us on Twitter
Database Journal |DBA Support |SQLCourse |SQLCourse2
 

Featured Database Articles

Database News

Posted Jul 25, 2002

Two New SQL Server 2000 Security Patches Available

By Forrest Stroud



7.25.02. Microsoft released today two new security patches for SQL Server 2000 and MSDE 2000. The patches combine to eliminate five newly discovered vulnerabilities ranging from moderate to critical in severity.

The "Unchecked Buffer in SQL Server 2000 Utilities Could Allow Code Execution" patch eliminates two newly discovered vulnerabilities, both of which carry a moderate severity rating:

  • Buffer Overrun Vulnerability in Database Consistency Checkers - A buffer overrun vulnerability that occurs in several Database Consistency Checkers (DBCCs) that ship as part of SQL Server 2000. In the most serious case, exploiting this vulnerability would enable an attacker to run code in the context of the SQL Server service, thereby giving the attacker complete control over all databases on the server.

  • SQL Injection Vulnerability in Replication Stored Procedures - A SQL injection vulnerability that occurs in two stored procedures used in database replication. Exploiting the vulnerability could enable an attacker to run operating system commands on the server (subject, however, to significant mitigating factors).
The "Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution" patch eliminates three newly discovered vulnerabilities in the SQL Server Resolution Service, all of which carry a critical severity rating:
  • Buffer Overruns in SQL Server Resolution Service - Two separate buffer overruns exist that can be exploited by sending a carefully crafted packet to the Resolution Service, which could then allow an attacker to cause portions of system memory (the heap in one case, the stack in the other) to be overwritten. Overwriting it with random data would likely result in the failure of the SQL Server service; overwriting it with carefully selected data could allow the attacker to run code in the security context of the SQL Server service.

  • Denial of Service via SQL Server Resolution Service - A vulnerability exists in the keep-alive mechanism that makes it possible to create a keep-alive packet that, when sent to the Resolution Service, will cause SQL Server 2000 to respond with the same information. An attacker who created such a packet, spoofed the source address so that it appeared to come from a one SQL Server 2000 system, and sent it to a neighboring SQL Server 2000 system could cause the two systems to enter a never-ending cycle of keep-alive packet exchanges. This would consume resources on both systems, slowing performance considerably.

Both patches can be installed on systems running SQL Server 2000 Service Pack 2, and the functionality included in the patches will be part of SQL Server 2000 Service Pack 3 when it's released.

Additional information on the "Unchecked Buffer in SQL Server 2000 Utilities Could Allow Code Execution" patch (and download links) can be found at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-038.asp

Additional information on the "Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution" Security Patch (and download links) can be found at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-039.asp


» See All Articles by Editor Forrest Stroud




Database News Archives

Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 




Latest Forum Threads
Database News Forum
Topic By Replies Updated
Efficient SQL Server Indexing by Design lcole 0 April 30th, 12:38 PM
Mine Oracle Database, SQL Server and Other Databases with Monarch Data Pump Pro V10.5 lcole 0 April 30th, 12:37 PM
Oracle Database and Oracle Fusion Middleware for Private Social Network Application lcole 0 April 30th, 12:31 PM
Oracle Database Maintains a Stronghold in the DBMS Market lcole 0 April 30th, 12:30 PM