MS02-040: Unchecked Buffer in MDAC Function Could Enable SQL Server Co



-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------

Title: Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise (Q326573)
Date: 31 July 2002
Software: Microsoft Data Access Components
Impact: Run code of attacker's choice
Max Risk: Moderate
Bulletin: MS02-040

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/...in/MS02-040.asp.

- ----------------------------------------------------------------------

Issue:
======

The Microsoft Data Access Components (MDAC) provide a number of supporting technologies for accessing and using databases. Included among these functions is the underlying support for the T-SQL OpenRowSet command. A security vulnerability results because the MDAC functions underlying OpenRowSet contain an unchecked buffer.

An attacker who submitted a database query containing a specially malformed parameter within a call to OpenRowSet could overrun the buffer, either for the purpose of causing the SQL Server to fail or causing the SQL Server service to take actions dictated by the attacker.

Mitigating Factors:
====================

- In order to exploit the vulnerability, the attacker would need the ability to load and execute a database query on the server. This is strongly discouraged by best practices, and servers that have been configured to prevent this (e.g., through the use of the DisallowAdhocAccess registry setting, as discussed in the FAQ) would not be at risk from the vulnerability.

- Under default conditions, the system-level privileges gained through a successful attack would be those of a Domain User.

- Even though MDAC ships as part of all versions of Windows, the vulnerability can only be exploited on SQL Servers. Customers who are not using SQL Server do not need to take action, despite the fact that MDAC may be installed on their systems.

Risk Rating:
============

- Internet systems: Moderate
- Intranet systems: Moderate
- Client systems: None

Patch Availability:
===================

- A patch is available to fix this vulnerability. Please read the Security Bulletin at
  http://www.microsoft.com/technet/security/...in/ms02-040.asp
  for information on obtaining this patch.

Acknowledgment:
===============

- David Litchfield of Next Generation Security Software Ltd. (http://www.nextgenss.com/)

- ---------------------------------------------------------------------
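
Added example, not part of the bulletin or any Microsoft tooling: before turning on DisallowAdhocAccess, it helps to know which logins and OLE DB providers actually issue ad hoc OpenRowSet calls. The sketch below inventories them from a query log; the tab-separated log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample (not from the bulletin): "<login>\t<T-SQL statement>" per line.
SAMPLE_LOG = """\
app_ro\tSELECT name FROM dbo.customers WHERE id = 7
report\tSELECT a.* FROM OPENROWSET('SQLOLEDB', 'Server=srv1;Trusted_Connection=yes', 'SELECT 1') AS a
report\tselect * from openrowset ( 'MSDASQL' , 'DSN=legacy', 'select ''x''' )
app_ro\tSELECT 'see OPENROWSET(''SQLOLEDB'', ...) docs' AS note
etl\tSELECT * FROM OPENQUERY(linked1, 'SELECT 1')
etl\t-- OPENROWSET('SQLOLEDB','x','q') disabled
"""

# Minimal T-SQL tokenizer: comments and string literals are consumed as single
# tokens, so the word OPENROWSET inside them is never mistaken for a call.
TOKEN = re.compile(
    r"(?P<comment>--[^\n]*|/\*.*?\*/)"
    r"|(?P<string>N?'(?:[^']|'')*')"
    r"|(?P<word>[A-Za-z_]\w*)"
    r"|(?P<space>\s+)"
    r"|(?P<other>.)", re.S)

def unquote(literal):
    """Strip the quotes (and optional N prefix) and undo '' escaping."""
    return literal[literal.index("'") + 1:-1].replace("''", "'")

def adhoc_calls(statement):
    """Return the provider argument of each real OPENROWSET call in a statement."""
    toks = [(m.lastgroup, m.group()) for m in TOKEN.finditer(statement)
            if m.lastgroup not in ("comment", "space")]
    found = []
    for i, (kind, text) in enumerate(toks):
        if (kind == "word" and text.upper() == "OPENROWSET"
                and toks[i + 1:i + 2] == [("other", "(")]):
            nxt = toks[i + 2] if i + 2 < len(toks) else ("", "")
            # "?" marks a first argument that is not a plain string literal.
            found.append(unquote(nxt[1]) if nxt[0] == "string" else "?")
    return found

def inventory(log_text):
    """Count ad hoc OPENROWSET calls per (login, provider)."""
    usage = Counter()
    for line in log_text.splitlines():
        login, _, stmt = line.partition("\t")
        for provider in adhoc_calls(stmt):
            usage[(login, provider.upper())] += 1
    return usage

if __name__ == "__main__":
    for (login, provider), n in sorted(inventory(SAMPLE_LOG).items()):
        print(f"{login:8} {provider:10} {n}")
```

Logins that appear in the output depend on ad hoc access and will be affected when it is disabled; logins that should never run ad hoc queries but do appear are worth reviewing.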
