Computer Security
[EN] securityvulns.ru no-pyccku


Related information

  Multiple bugs in Microsoft SQL Server (multiple bugs)

  Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)

  Microsoft Security Bulletin MS02-061: Elevation of Privilege in SQL Server Web Tasks (Q316333)

  Security Bulletin MS02-056: Cumulative Patch for SQL Server (Q316333)

  Microsoft SQL Server Stored procedures [sp_MSSetServerProper
tiesn and sp_MSsetalertinfo] (#NISR03092002A)

From:MICROSOFT <secure_(at)_microsoft.com>
Date:21.02.2002
Subject:Security Bulletin MS02-007

- ----------------------------------------------------------------------
Title:      SQL Server Remote Data Source Function Contain
           Unchecked Buffers
Date:       20 February 2002
Software:   Microsoft SQL Server
Impact:     Run code of attacker's choice on server
Max Risk:   Moderate
Bulletin:   MS02-007

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-007.asp.
- ----------------------------------------------------------------------

Issue:
======
One of the features of Structured Query Language (SQL) in
SQL Server 7.0 and 2000 is the ability to connect to remote data
sources. One capability of this feature is the ability to use
"ad hoc" connections to connect to remote data sources without
setting up a linked server for less-often used data-sources. This
is made possible through the use of OLE DB providers, which are
low-level data source providers. This capability is made possible
by invoking the OLE DB provider directly by name in a query to
connect to the remote data source.

An unchecked buffer exists in the handling of OLE DB provider names
in ad hoc connections. A buffer overrun could occur as a result and
could be used to either cause the SQL Server service to fail, or to
cause code to run in the security context of the SQL Server.
SQL Server can be configured to run in various security contexts,
and by default runs as a domain user. The precise privileges the
attacker could gain would depend on the specific security context
that the service runs in.

An attacker could exploit this vulnerability in one of two ways.
They could attempt to load and execute a database query that calls
one of the affected functions. Conversely, if a web-site or other
database front-end were configured to access and process arbitrary
queries, it could be possible for an attacker to provide inputs that
would cause the query to call one of the functions in question
with the appropriate malformed parameters.

Mitigating Factors:
====================
- The effect of exploiting the vulnerability would depend on the
  specific configuration of the SQL Server service. SQL Server
  can be configured to run in a security context chosen by the
  administrator. By default, this context is as a domain user.
  If the rule of least privilege has been followed, it would
  minimize the amount of damage an attacker could achieve.

- Both vectors for exploiting the vulnerability could be blocked
  by following best practices. Specifically, untrusted users
  should not be able to load and execute queries of their choice
  on a database server. In addition, publicly accessible database
  queries should filter all inputs prior to processing.

Risk Rating:
============
- Internet systems: Moderate
- Intranet systems: Moderate
- Client systems: Moderate

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
  Security Bulletin at
  http://www.microsoft.com/technet/security/bulletin/ms02-007.asp
  for information on obtaining this patch.

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod