From:MICROSOFT <secure_(at)_microsoft.com>
Date:03.08.2002
Subject:Security Bulletin MS02-040: Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise (Q326573)

----------------------------------------------------------------------
Title:      Unchecked Buffer in MDAC Function Could Enable SQL
           Server Compromise (Q326573)
Date:       31 July 2002
Software:   Microsoft Data Access Components
Impact:     Run code of attacker's choice
Max Risk:   Moderate
Bulletin:   MS02-040

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-040.asp.
----------------------------------------------------------------------

Issue:
======
The Microsoft Data Access Components (MDAC) provide a number of
supporting technologies for accessing and using databases. Included
among these functions is the underlying support for the T-SQL
OpenRowSet command. A security vulnerability results because the MDAC
functions underlying OpenRowSet contain an unchecked buffer.

An attacker who submitted a database query containing a specially
malformed parameter within a call to OpenRowSet could overrun the
buffer, either for the purpose of causing the SQL Server to fail or
causing the SQL Server service to take actions dictated by the
attacker.

Mitigating Factors:
====================
- In order to exploit the vulnerability, the attacker would
  need the ability to load and execute a database query on the
  server. This is strongly discouraged by best practices, and
  servers that have been configured to prevent this (e.g., through
  the use of the DisallowAdhocAccess registry setting, as discussed
  in the FAQ) would not be at risk from the vulnerability.
- Under default conditions, the system-level privileges gained
  through a successful attack would be those of a Domain User.
- Even though MDAC ships as part of all versions of Windows,
  the vulnerability can only be exploited on SQL Servers. Customers
  who are not using SQL Server do not need to take action, despite
  the fact that MDAC may be installed on their systems.
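
An added example, not part of the bulletin or any Microsoft tooling: a small offline audit that reads a registry export (.reg text) and reports, per provider, whether DisallowAdhocAccess is set. Assumptions: providers are subkeys of a key named "Providers", a nonzero DWORD means ad hoc access is blocked, and the key path and provider names in the sample are constructed placeholders, since the bulletin does not give the registry location.

```python
import re

# Constructed sample of a .reg export (not from the bulletin). The key path is a
# placeholder: the bulletin names the setting but not where it lives.
# Real exports are usually UTF-16; decode them to str before calling the audit.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\<path-from-FAQ>\Providers]

[HKEY_LOCAL_MACHINE\SOFTWARE\<path-from-FAQ>\Providers\ExampleProviderA]
"DisallowAdhocAccess"=dword:00000001
"OtherSetting"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\<path-from-FAQ>\Providers\ExampleProviderB]
"DisallowAdhocAccess"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\<path-from-FAQ>\Providers\ExampleProviderC]
"OtherSetting"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def audit_adhoc_access(reg_text, parent_suffix="\\Providers"):
    """Map each provider subkey to 'blocked', 'allowed' or 'not set'."""
    status, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            parent, _, name = m.group(1).rpartition("\\")
            # Only direct children of the providers key are audited (assumed layout).
            is_provider = parent.lower().endswith(parent_suffix.lower())
            current = name if is_provider else None
            if current:
                status.setdefault(current, "not set")
            continue
        m = DWORD_RE.match(line)
        # Registry value names are case-insensitive, so compare in lower case.
        if m and current and m.group(1).lower() == "disallowadhocaccess":
            status[current] = "blocked" if int(m.group(2), 16) else "allowed"
    return status

def needs_review(reg_text):
    """Providers where the setting is absent or zero, sorted by name."""
    return sorted(p for p, s in audit_adhoc_access(reg_text).items() if s != "blocked")

if __name__ == "__main__":
    for provider, state in audit_adhoc_access(SAMPLE_REG).items():
        print(f"{provider}: {state}")
```

"not set" is reported separately from "allowed" because the behavior when the value is absent is not stated in the bulletin and should be confirmed against the FAQ for the installed version.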

Risk Rating:
============
- Internet systems: Moderate
- Intranet systems: Moderate
- Client systems: None

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
  Security Bulletin at
  http://www.microsoft.com/technet/security/bulletin/ms02-040.asp
  for information on obtaining this patch.

Acknowledgment:
===============
- David Litchfield of Next Generation Security Software Ltd.
  (http://www.nextgenss.com/)
----------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS
OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
NOT APPLY.
