VID 25028
Severity 40
Port 1343
Protocol TCP
Class DB
Detailed Description Microsoft SQL Server 2000 has an incorrect registry key permissions vulnerability. Through it, Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) 2000 could allow a remote attacker to gain elevated privileges. SQL Server typically runs under a dedicated "service account" that system administrators define at installation time. This definition is stored in the Windows registry with permissions that allow SQL Server to change the value of the registry key. As a result, attackers with access to the "xp_regwrite" extended stored procedure can alter this registry key and cause SQL Server to use the LocalSystem account as its service account.
Once the server host is rebooted or the SQL service is restarted, SQL Server runs with the full administrative privileges of the LocalSystem account. A remote attacker can then submit SQL queries that execute any command on the system with the privileges of the operating system.

* Note: This check relies solely on the version number of the remote SQL Server to assess this vulnerability, so the result might be a false positive.

* References:
http://www.microsoft.com/technet/security/bulletin/ms02-034.asp
http://www.cert.org/advisories/CA-2002-22.html
http://www.kb.cert.org/vuls/id/796313

* Platforms Affected:
Microsoft SQL Server 2000
Microsoft Desktop Engine (MSDE) 2000
Microsoft Windows Any version
Recommendation Apply the patch for this vulnerability, available from http://support.microsoft.com/support/misc/kblookup.asp?id=Q316333

-- OR --

Install the latest SQL Server 2000 Service Pack, available from http://support.microsoft.com/default.aspx?scid=kb;EN-US;290211
Related URL CVE-2002-0642 (CVE)
Related URL 5205 (SecurityFocus)
Related URL 9523 (ISS)