SQL Server Text Formatting Functions Issue

Title: SQL Server Text Formatting Functions Contain Unchecked Buffers

Date: 20 December 2001

Software: Microsoft SQL Server 7.0 and Microsoft SQL Server 2000

Impact: Run code of attacker's choice on server, denial of service

Max Risk: Moderate

Bulletin: MS01-060

SQL Server 7.0 and 2000 provide a number of functions that enable database queries to generate text messages. In some cases, the functions create a text message and store it in a variable; in others, the functions directly display the message. Two vulnerabilities associated with these functions have been discovered.

The first vulnerability results from a flaw in the functions themselves. Several of the functions don't adequately verify that the requested text will fit into the buffer that's supplied to hold it. A buffer overrun could occur as a result, and could be used either to run code in the security context of the SQL Server service or to cause the SQL Server service to fail. SQL Server can be configured to run in various security contexts, and by default runs as a domain user. The precise privileges the attacker could gain would depend on the specific security context that the service runs in.
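The class of flaw described above, shown as an added C example that is not SQL Server code and not part of the bulletin: a formatter that writes into a caller-supplied buffer without checking the length, beside a form that verifies the text fits first. The function names, the 16-byte buffer and the sample strings are hypothetical and constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Unchecked pattern (hypothetical): the formatter never learns how large
 * dst is, so any message longer than the buffer is written past its end. */
int format_message_unchecked(char *dst, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsprintf(dst, fmt, ap);          /* no bound on the write */
    va_end(ap);
    return n;
}

/* Checked pattern (hypothetical): the caller passes the capacity and the
 * formatter refuses any message that does not fit, terminator included.
 * Returns the message length, or -1 if it would not fit or inputs are bad.
 * On failure dst holds an empty string, never a truncated message. */
int format_message_checked(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int needed;

    if (dst == NULL || cap == 0 || fmt == NULL)
        return -1;

    va_start(ap, fmt);
    needed = vsnprintf(dst, cap, fmt, ap);   /* writes at most cap bytes */
    va_end(ap);

    if (needed < 0 || (size_t)needed >= cap) {
        dst[0] = '\0';                       /* reject rather than truncate */
        return -1;
    }
    return needed;
}

int main(void)
{
    char buf[16];                            /* constructed sample buffer */
    int rc;

    rc = format_message_checked(buf, sizeof buf, "user %s", "alice");
    printf("fits:     rc=%d buf=\"%s\"\n", rc, buf);

    rc = format_message_checked(buf, sizeof buf, "user %s",
                                "a-much-longer-login-name");
    printf("too long: rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

Rejecting an oversized message instead of silently truncating it lets the caller surface an error to the query rather than act on partial text.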

View: MS Security Bulletin ID 01060
