Reported December 20, 2001, by @Stake.

VERSIONS AFFECTED

 

  • Microsoft SQL Server 2000

  • Microsoft SQL Server 7.0 

 

DESCRIPTION
Multiple vulnerabilities exist in Microsoft SQL Server 2000 and 7.0. The first vulnerability is a result of several functions that let the SQL database generate text messages. By not adequately verifying that the text fits into the allocated buffer space, a buffer overrun can result using the service's security context.

 

The second vulnerability results because of a format string error in the C runtime functions that SQL Server calls when you install the software on Windows XP, Windows 2000, and Windows NT 4.0 systems. An attacker can use this vulnerability to cause a Denial of Service (DoS) condition. Users can learn specific details about these vulnerabilities on the discoverer’s Web site.

 

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS01-060 to address these vulnerabilities and recommends that affected users immediately apply the patches provided with the bulletin. Microsoft cautions users about the risk of applying the C runtime patch—if a regression error were to result from applying the patch, the results might be widespread and damaging.

 

CREDIT
Discovered by Chris Anley and Chris Wysopal of @Stake.