Steven
Posted August 1, 2002

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------
Title:      Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise (Q326573)
Date:       31 July 2002
Software:   Microsoft Data Access Components
Impact:     Run code of attacker's choice
Max Risk:   Moderate
Bulletin:   MS02-040

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/...in/MS02-040.asp.
- ----------------------------------------------------------------------

Issue:
======
The Microsoft Data Access Components (MDAC) provide a number of supporting technologies for accessing and using databases. Included among these functions is the underlying support for the T-SQL OpenRowSet command. A security vulnerability results because the MDAC functions underlying OpenRowSet contain an unchecked buffer.

An attacker who submitted a database query containing a specially malformed parameter within a call to OpenRowSet could overrun the buffer, either for the purpose of causing the SQL Server to fail or causing the SQL Server service to take actions dictated by the attacker.

Mitigating Factors:
====================
- In order to exploit the vulnerability, the attacker would need the ability to load and execute a database query on the server. This is strongly discouraged by best practices, and servers that have been configured to prevent this (e.g., through the use of the DisallowAdhocAccess registry setting, as discussed in the FAQ) would not be at risk from the vulnerability.

- Under default conditions, the system-level privileges gained through a successful attack would be those of a Domain User.

- Even though MDAC ships as part of all versions of Windows, the vulnerability can only be exploited on SQL Servers. Customers who are not using SQL Server do not need to take action, despite the fact that MDAC may be installed on their systems.

Risk Rating:
============
- Internet systems: Moderate
- Intranet systems: Moderate
- Client systems: None

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the Security Bulletin at http://www.microsoft.com/technet/security/...in/ms02-040.asp for information on obtaining this patch.

Acknowledgment:
===============
- David Litchfield of Next Generation Security Software Ltd. (http://www.nextgenss.com/)

- ---------------------------------------------------------------------