Microsoft SQL Server contains buffer overflows in several Database Consistency Checkers

Overview

Microsoft SQL Server ships with several administrative tools that allow database users to elevate their administrative privileges from a single database to all databases on the server.

Description

Microsoft SQL Server ships with several utilities known as Database Consistency Checkers (DBCCs). According to Microsoft Security Bulletin MS02-038, “DBCCs are command console utilities that allow maintenance and other operations to be performed on a SQL server.” An unspecified subset of the DBCC utilities contain buffer overflows that allow users who have db_owner or db_ddladmin privileges on a single database to elevate their administrative privileges to the entire SQL server.

---

Impact

This vulnerability allows remote attackers to execute arbitrary code with the privileges of the SQL service account. If the privileges of the service account are elevated via VU#796313, this vulnerability may result in compromise of the server host.

---

Solution

Apply a patch

Microsoft has published Security Bulletin MS02-038 to address this vulnerability. For more information, please see

http://www.microsoft.com/technet/security/bulletin/ms02-038.asp

This vulnerability also affects any products that include the Microsoft Desktop Engine (MSDE) 2000. For more information, please see

http://www.microsoft.com/technet/security/MSDEapps.asp

---

Vendor Information

279323

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Notified: July 24, 2002 Updated: July 25, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft has published Security Bulletin MS02-038 to address this vulnerability. For more information, please see

http://www.microsoft.com/technet/security/bulletin/ms02-038.asp

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23279323 Feedback>).

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

• <http://www.microsoft.com/technet/security/bulletin/ms02-038.asp&gt;
• <http://support.microsoft.com/support/misc/kblookup.asp?id=Q316333&gt;
• <http://www.microsoft.com/technet/prodtechnol/sql/maintain/security/sql2ksec.asp&gt;
• <http://online.securityfocus.com/bid/5307&gt;

Acknowledgements

This vulnerability was reported to Microsoft by Cesar Cerrudo.

This document was written by Jeffrey P. Lanza and is based upon information provided by Microsoft.

Other Information

CVE IDs:	CVE-2001-0644
Severity Metric:	8.86 Date Public: