| VID | 25009 |
| Severity | 40 |
| Port | 1433 |
| Protocol | TCP |
| Class | DB |
| Detailed Description |
Microsoft SQL Server contains some default accounts. If the sa account is left with a blank password, any user can act as administrator on the SQL server. An authorized user who has gained access to the sa account can also execute arbitrary commands on the system, with whatever user privileges the Microsoft SQL services are running under, through procedures such as xp_cmdshell. This vulnerability is exploited by the Cblade worm and the SQL Spida worm.
* References:
  * http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322336
  * http://www.iss.net/security_center/static/7610.php
  * http://www.kb.cert.org/vuls/id/635463
  * http://www.iss.net/security_center/static/9124.php
  * http://marc.theaimsgroup.com/?l=bugtraq&m=96333895000350&w=2
  * http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html
  * http://support.microsoft.com/default.aspx?scid=kb;[LN];Q313418
  * http://www.iss.net/security_center/alerts/advise118.php
  * http://support.microsoft.com/support/kb/articles/Q274/7/73.ASP
  * http://www.securiteam.com/windowsntfocus/5EP0O0K2AS.html
  * http://www.securityfocus.com/bid/4797
  * http://www.iss.net/security_center/static/1459.php
* Platforms Affected: Microsoft SQL Server (any version); Microsoft Data Engine (any version) |
| Recommendation |
Configure a password for the default account that is difficult to guess. You can use the sp_password stored procedure from the SQL query window to set the password. For example, to change the sa password from NULL to "complexpwd", you can use code similar to:
exec sp_password NULL,'complexpwd','sa' |
| Related URL | CVE-2000-1209 (CVE) |
| Related URL | 4797 (SecurityFocus) |
| Related URL | 1459 (ISS) |
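
An audit to run alongside the recommendation above, added here as an example and not part of the original entry. It assumes SQL Server 2005 or later, where the sys.sql_logins and sys.configurations catalog views and the PWDCOMPARE function are available, and a login with permission to read password hashes.

```sql
-- Added example: check an instance for the condition this entry describes.

-- 1. Is SQL authentication enabled at all?
--    1 = Windows authentication only (sa cannot log in over TCP 1433),
--    0 = mixed mode (SQL logins such as sa are accepted).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. Every SQL login whose password is blank.
--    PWDCOMPARE returns 1 when the clear-text value matches the stored hash.
SELECT name, is_disabled, is_policy_checked
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1;

-- 3. State of the built-in sa login. Match on its fixed SID (0x01)
--    so the check still works if the login has been renamed.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE sid = 0x01;

-- 4. Is xp_cmdshell, the command-execution path named in the
--    description, currently enabled? value_in_use = 1 means enabled.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 5. If xp_cmdshell is not needed, turn it off.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
```

Any row returned by query 2 is a login that needs a password set immediately. Queries 1, 3 and 4 show how much a blank sa password would expose on that instance.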