VID 25021
Severity 40
Port 1433
Protocol TCP
Class DB
Detailed Description The detected version of SQL Server allows cached connections to be reused.
MS-SQL Server caches connections in order to optimize performance. A single SQL query method enables cached administrator connections to be reused when SQL Server is configured to allow standard SQL Server logins. In this case, an attacker could use this method to hijack a cached connection that belongs to an administrator.
Upon the completion of a SQL session, the connection between the client and the database is broken. To perform optimally, SQL Server retains the connection in cache for a short period of time. If a user attempts to reconnect within that period, the cached connection is reused rather than an entirely new connection being created. This, however, opens up a security hole that allows an attacker to reuse another user's cached connection.

* Note: This check relies solely on the version number of the remote SQL Server to assess this vulnerability, so the result might be a false positive.

* Platforms Affected:
Microsoft SQL Server 2000
Microsoft SQL Server 7.0
Microsoft SQL Server 6.x

* References:
http://www.microsoft.com/technet/security/bulletin/MS01-032.asp
http://www.iss.net/security_center/static/6684.php
Recommendation Install the latest service pack or hotfix to prevent this issue. To verify which version of SQL Server you have installed, run the following command against the database:

SELECT @@Version

For SQL Server 7.0, the version should be 7.00.996 or greater, and for SQL Server 2000, the version should be 8.00.296 or greater.

For SQL Server 2000:
Apply one of the following:
- Install the latest SQL Server 2000 Service Pack (Service Pack 3 or later)
- Hot fix 80296

For SQL Server 7.0:
Apply one of the following:
- Install the latest SQL Server 7.0 Service Pack (Service Pack 4 or later)
- Hot fix 70996

These files can be downloaded from:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q299717

For SQL Server 6.x:
No fix is available for SQL Server 6.x. For these versions of SQL Server, it is recommended that you upgrade to a more recent version of SQL Server.
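
Because this check is version-based and may be a false positive, the SELECT @@Version output collected from each server can be triaged against the builds listed above. The following is an added example, not part of the original entry; the host labels and banner strings are constructed samples, and the function names are hypothetical.

```python
import re

# Minimum fixed builds stated in the Recommendation, keyed by major version.
FIXED_BUILD = {7: (7, 0, 996), 8: (8, 0, 296)}

# Matches the "major.minor.build" triple that follows " - " in an @@VERSION banner.
BUILD_RE = re.compile(r"-\s*(\d+)\.(\d+)\.(\d+)")

def parse_build(banner):
    """Return (major, minor, build) from an @@VERSION banner, or None if absent."""
    m = BUILD_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None

def assess(banner):
    """Classify one banner against the thresholds in this entry."""
    build = parse_build(banner)
    if build is None:
        return "unknown"        # banner unreadable: verify by hand
    major = build[0]
    if major == 6:
        return "no-fix"         # 6.x: no patch exists, upgrade required
    fixed = FIXED_BUILD.get(major)
    if fixed is None:
        return "not-listed"     # version not covered by this entry
    return "patched" if build >= fixed else "vulnerable"

def triage(banners):
    """Map each host label to its assessment."""
    return {host: assess(text) for host, text in banners.items()}

# Constructed sample banners (first line of SELECT @@Version output).
SAMPLE_BANNERS = {
    "db-a": "Microsoft SQL Server  2000 - 8.00.194 (Intel X86)",
    "db-b": "Microsoft SQL Server  2000 - 8.00.760 (Intel X86)",
    "db-c": "Microsoft SQL Server  7.00 - 7.00.623 (Intel X86)",
    "db-d": "Microsoft SQL Server  7.00 - 7.00.996 (Intel X86)",
    "db-e": "Microsoft SQL Server  6.50 - 6.50.201 (Intel X86)",
    "db-f": "connection refused",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_BANNERS).items()):
        print(f"{host}: {status}")
```

Hosts reported as "vulnerable" or "no-fix" are the ones where the scanner finding is confirmed by the build number; "unknown" results need the query re-run manually.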
Related URL CVE-2001-0344 (CVE)