Microsoft SQL Server Non-Validated Query Vulnerability
BID:1041
Info
Microsoft SQL Server Non-Validated Query Vulnerability
| Bugtraq ID: | 1041 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 08 2000 12:00AM |
| Updated: | Mar 08 2000 12:00AM |
| Credit: | Reported to Microsoft by Sven Hammesfahr. Publicized in a Microsoft Security Bulletin released on March 8, 2000. |
| Vulnerable: |
Microsoft SQL Server 7.0 Microsoft Data Engine (MSDE) 1.0 |
| Not Vulnerable: | |
Discussion
Microsoft SQL Server Non-Validated Query Vulnerability
Microsoft SQL Server 7.0 and Data Engine (an SQL-compatible add-on for Access 2000 and Visual Studio 6.0) will accept SQL queries that can lead to compromise of the database or the underlying operating system.
It is possible for any SQL-authenticated user to pass commands through SQL SELECT statements that will be run at the privilege level of the database owner or administrator.
Microsoft SQL Server 7.0 and Data Engine (an SQL-compatible add-on for Access 2000 and Visual Studio 6.0) will accept SQL queries that can lead to compromise of the database or the underlying operating system.
It is possible for any SQL-authenticated user to pass commands through SQL SELECT statements that will be run at the privilege level of the database owner or administrator.
Exploit / POC
Microsoft SQL Server Non-Validated Query Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft SQL Server Non-Validated Query Vulnerability
Solution:
Microsoft has released a patch for this issue, available at the following location:
http://www.microsoft.com/downloads/release.asp?ReleaseID=19132
Note that the patch will not work on SQL Servers with the Beta version of SP2 installed.
Microsoft Data Engine (MSDE) 1.0
Microsoft SQL Server 7.0
Solution:
Microsoft has released a patch for this issue, available at the following location:
http://www.microsoft.com/downloads/release.asp?ReleaseID=19132
Note that the patch will not work on SQL Servers with the Beta version of SP2 installed.
Microsoft Data Engine (MSDE) 1.0
-
Microsoft Q256052
Alpha Version
http://download.microsoft.com/download/sql70/Patch/2000.3.1.0/NT4ALPHA /EN-US/s70780a.exe -
Microsoft Q256052
Intel Version
http://download.microsoft.com/download/sql70/Patch/2000.3.1.0/NT4ALPHA /EN-US/s70780i.exe
Microsoft SQL Server 7.0
-
Microsoft Q256052
Alpha Version
http://download.microsoft.com/download/sql70/Patch/2000.3.1.0/NT4ALPHA /EN-US/s70780a.exe -
Microsoft Q256052
Intel Version
http://download.microsoft.com/download/sql70/Patch/2000.3.1.0/NT4ALPHA /EN-US/s70780i.exe
References
Microsoft SQL Server Non-Validated Query Vulnerability
References:
References:
- Frequently Asked Questions: Microsoft Security Bulletin MS00-014 (Microsoft)
- SQL Server security hole (Sven Hammesfahr)