| VID |
25026 |
| Severity |
40 |
| Port |
1433 |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The cumulative patch KB815495 for Microsoft SQL Server has not been applied. This cumulative patch includes the functionality of all previously released patches for SQL Server 7.0, SQL Server 2000, MSDE 1.0, and MSDE 2000. In addition, it eliminates three newly discovered vulnerabilities:
- Named Pipe Hijacking (Privilege Elevation)
- Named Pipe Denial of Service
- SQL Server Buffer Overrun (Local only)
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a False Negative for all vulnerable hosts.
* References:
- http://www.microsoft.com/technet/security/bulletin/ms03-031.asp
- http://www.atstake.com/research/advisories/2003/a072303-2.txt
- http://www.atstake.com/research/advisories/2003/a072303-3.txt
* Platforms Affected:
- Microsoft SQL Server 2000 64 bit (all editions)
- Microsoft SQL Server 2000 (all editions) SP3
- Microsoft SQL Server 2000 (all editions) SP3a
- Microsoft SQL Server 7.0 Service Pack 4
- Microsoft SQL Server 2000 Desktop Engine (MSDE) SP3
- Microsoft Data Engine (MSDE) 1.0
- Microsoft Data Engine (MSDE) 1.0 SP4 |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-031 at http://www.microsoft.com/technet/security/bulletin/ms03-031.asp
For Microsoft SQL Server 7.0: http://microsoft.com/downloads/details.aspx?FamilyId=FE5B0892-A5C9-44C2-9B42-0D291E9C1636&displaylang=en
For Microsoft SQL 2000 32-bit Edition: http://microsoft.com/downloads/details.aspx?FamilyId=9814AE9D-BD44-40C5-ADD3-B8C99618E68D&displaylang=en
For Microsoft SQL 2000 64-bit Edition: http://microsoft.com/downloads/details.aspx?FamilyId=72336508-057A-4E86-8F2E-CB1BD3A6A44B&displaylang=en
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2003-0230,CVE-2003-0231,CVE-2003-0232 (CVE) |
| Related URL |
8261 (SecurityFocus) |
| Related URL |
(ISS) |
|