


The tool only needs to be run one time, so customers who have previously run it do not need to take additional action. By sending a specially formatted request to UDP port 1434, it could be possible to overrun the buffers associated with either of the functions. This activity could consume most or all of the available bandwidth on the two machines. Unlike the DBCCs discussed in MS02-038, the one affected by this variant could be executed by any SQL user.

What is a stored procedure? A stored procedure is a precompiled collection of Transact-SQL statements stored under a name and processed as a group. Customers who are seeking the patch for MS02-040 should instead apply the patch from MS03-033. Best practices recommend against both of these practices. Exploiting this vulnerability would allow the attacker to escalate privileges to the level of the SQL Server service account.


How do I check I've got this security patch installed? Superseded patches: MS02-007 Verifying patch installation: SQL Server 7.0: To ensure you have the fix installed properly, verify the individual files by consulting the date/time stamp of the files listed in Knowledge Base articles can be found on the Microsoft Online Support web site. This documentation is archived and is not being maintained.

I thought that the SQL Server 2000 patch in Microsoft Security Bulletin MS02-039 corrected the vulnerability being exploited by the "slammer" virus. It is possible to create a keep-alive packet that, when sent to the Resolution Service, will cause SQL Server 2000 to respond with the same information. What vulnerabilities does this patch eliminate? This is a cumulative patch that, when applied, addresses all previously addressed vulnerabilities.

However, this patch has been superseded by the patch released with MS02-061, which contains fixes for additional security vulnerabilities in these products. This would consume resources on both systems, slowing performance considerably. Previous versions are no longer supported, and may or may not be affected by these vulnerabilities. By calling this function with specially chosen parameters, an attacker could cause a buffer overrun condition to occur.

The precise privileges the attacker could gain would depend on the specific security context that the service runs in. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. What's a scheduled job? Scheduled jobs provide a way to cause the SQL Server to take a designated action at a particular time.


However, you may need to install the hotfix from Knowledge Base article Q317748 that corrects a problem which may affect the normal operation of SQL Server. MDAC is a ubiquitous technology, and it is likely to be present on most Windows systems: By default, MDAC is included as part of Microsoft Windows XP, Windows 2000, and Windows A tool is also available that can help you determine what version of MDAC is running on your system. In the most serious case, exploiting this vulnerability would enable an attacker to run code in the context of the SQL Server service, thereby giving the attacker complete control over all

There is a patch for each supported version of MDAC. Microsoft Security Bulletin MS02-043 - Moderate Cumulative Patch for SQL Server (Q316333) Published: August 14, 2002 | Updated: February 28, 2003 Version: 1.2 Originally posted: August 14, 2002 Updated: February 28, Reboot needed: No. An attacker could submit a database query that contains a specially malformed parameter within a call to OpenRowSet that could overrun the buffer, either to cause the server that is running

Likewise, it would depend on the network bandwidth between the systems, the processor speed on the respective machines, and so forth. Unchecked Buffer in Bulk Insert Procedure (CVE-CAN-2002-0641): What's the scope of the second vulnerability? This is a buffer overrun vulnerability. Why did you only re-release this patch for SQL Server 2000? The release of the "Slammer" worm virus made it especially critical for SQL Server 2000 customers to deploy this patch. What causes the vulnerability? The vulnerability results because of an unchecked buffer in a SQL Server function that handles the encryption of passwords for accounts that use SQL Server Authentication.

This is a buffer overrun vulnerability. There is no charge for support calls associated with security patches. MSDE 2000 is based on SQL Server 2000.

System administrators should ensure that they read the Readme.txt file in the patch package to ensure the patch is installed correctly.

For example, if the database were part of a web-based search tool and one of the functions in question were called by the web site, an attacker could attempt to construct Are there any issues I should be aware of when applying the hotfix described by Microsoft Knowledge Base article Q317748? Yes - if you install the hotfix discussed in Microsoft Knowledge Base article The Affected Versions section says that Microsoft Desktop Engine (MSDE) is also affected by these vulnerabilities. What could this vulnerability enable an attacker to do? This vulnerability could enable an attacker who was able to invoke this procedure to run code on the system in the context of

What vulnerabilities does this patch eliminate? This is a privilege elevation vulnerability. Revisions: V1.0 (July 24, 2002): Bulletin Created. Mitigating factors: It is necessary to be an authenticated user of the SQL Server. It might only require that the administrator restart the service.

Microsoft recommends that SQL 2000 and MSDE 2000 customers apply the patch from MS02-061. Because of this, it is possible for an attacker to call the function and provide it with input so that the buffer is overrun and the memory within the SQL Server In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation

By default, the service runs with the privileges of a domain user, rather than with system privileges. - - Web tasks have to exist in the first place. What do you mean by "inserting of bulk data"? There is a command in SQL that allows bulk copying of data from data files into a database table or view in a What causes the vulnerability? The vulnerability results because incorrect permissions are assigned to a part of the registry that contains information regarding the service account which SQL Server runs under. However, the multiple instances cannot all use the standard SQL Server session port (TCP 1433).

If the product version is between 8.00.0194 and 8.00.0533, you are running SQL Server 2000 or MSDE 2000. V2.0 (January 26, 2003): Updated to provide information about revised patch that uses installer technology V2.1 (January 26, 2003): Updated file and version number information in the Frequently Asked Questions section. I have already applied the original SQL 2000 patch. Some MDAC components are also present as part of Microsoft Internet Explorer even if MDAC itself is not installed.

It could also be possible to exploit this vulnerability using the Transact-SQL OpenRowSet command. The vulnerability results because a flaw in the Microsoft Data Access Components that provides some of the underlying functionality that is used to load an ODBC driver and to connect to The vulnerability could be blocked by following best practices. By sending a specially malformed login request to an affected server, an attacker could either cause the server to fail or gain the ability to overwrite memory on the server, thereby

At that point, any operating system commands that the SQL Server executed would be carried out with the rights and permissions of the new service account. Follow the link to Microsoft Security Bulletin MS02-061 : Elevation of Privilege in SQL Server Web Tasks (Q316333)... For information on this issue please review Microsoft Knowledge Base article Q317748. A localized Readme.txt file is included in each package for installation instructions.

What is the SQL Server Agent? The SQL Server Agent is responsible for running scheduled jobs, restarting the database service and other administrative operations. Microsoft Security Bulletin MS02-040 - Critical Unchecked Buffer in MDAC Function Could Enable System Compromise (Q326573) Published: July 31, 2002 | Updated: August 20, 2003 Version: 2.0 Originally posted: July 31,