|
Multiple bugs in Microsoft SQL Server (multiple bugs)
updated since 21.02.2002 | | Published: |  | 17.10.2002 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 1803 | | Type: |  | local | | Level: |  | 6/10 | | Description: |  | Buffer overflows in OpenDataSource, OPENROWSET, pwdencrypt and xp_dirtree.
Weak registry permissions, weak password enbcryption. |
| Affected: |  | MICROSOFT : SQL Server 7.0 | | | | MICROSOFT : SQL Server 2000 |
| Original document |  | David Litchfield, Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002) (17.10.2002) |
| | | MICROSOFT, Microsoft Security Bulletin MS02-061: Elevation of Privilege in SQL Server Web Tasks (Q316333) (17.10.2002) |
| | | MICROSOFT, Security Bulletin MS02-056: Cumulative Patch for SQL Server (Q316333) (03.10.2002) |
| | | NGSSoftware Insight Security Research, Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A) (03.09.2002) |
| | | David Litchfield, Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A) (23.08.2002) |
| | | Mark Litchfield, More DBCC overruns SQL SEVER 2000 (22.08.2002) |
| | | David Litchfield, Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B) (16.08.2002) |
| | | David Litchfield, Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A) (16.08.2002) |
| | | MICROSOFT, Security Bulletin MS02-043: Cumulative Patch for SQL Server (Q316333) (16.08.2002) |
| | | NGSSoftware Insight Security Research, Microsoft SQL Server 2000,7 OpenRowSet Buffer Overflow vulnerability (#NISR02072002) (05.08.2002) |
| | | MICROSOFT, Security Bulletin MS02-040: Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise (Q326573) (03.08.2002) |
| | | c c, SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities. (26.07.2002) |
| | | NGSSoftware Insight Security Research, Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002) (25.07.2002) |
| | | MICROSOFT, Security Bulletin MS02-038: Cumulative Patch for SQL Server 2000 Service Pack 2 (Q316333) (25.07.2002) |
| | | MICROSOFT, Security Bulletin MS02-039: Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875) (25.07.2002) |
| | | c c, SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file (11.07.2002) |
| | | NGSSoftware Insight Security Research, Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) (11.07.2002) |
| | | MICROSOFT, Security Bulletin MS02-035: SQL Server Installation Process May Leave Passwords on System (Q263968) (11.07.2002) |
| | | MICROSOFT, Security Bulletin MS02-034: Cumulative Patch for SQL Server (Q316333) (11.07.2002) |
| | | NGSSoftware Insight Security Research, Microsoft SQL Server 2000 OpenDataSource Buffer Overflow (#NISR19062002) (20.06.2002) |
| | | martin rakhmanoff, Microsoft SQL Server 2000 pwdencrypt() buffer overflow (14.06.2002) |
| | | MICROSOFT, Security Bulletin MS02-020:SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507) (18.04.2002) |
| | | c c, Many, many, many Sql Server 7 & 2000 Buffer Overflows (13.03.2002) |
| | | c c, Another Sql Server 7 Buffer Overflow (05.03.2002) |
| | | MICROSOFT, Security Bulletin MS02-007 (21.02.2002) |
|
|
|
|
|
