Multiple bugs in Microsoft SQL Server (multiple bugs)

Buffer overflows in OpenDataSource, OPENROWSET, pwdencrypt and xpdirtree. Weak registry permissions, weak password enbcryption...

CVE-2002-1138

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine MSDE 1.0 and Microsoft Desktop Engine MSDE 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File...

CVE-2002-1137

Buffer overflow in the Database Console Command DBCC that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine MSDE 1.0 and Microsoft Desktop Engine MSDE 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data...

CVE-2002-1123

Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine MSDE 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow...

CVE-2002-0982

Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the spMScopyscript stored procedure...

CVE-2002-0721

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via 1 xpexecresultset, 2...

CVE-2002-0859

Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code...

Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)

NGSSoftware Insight Security Research Advisory Name: spMSSetServerPropertiesn and spMSsetalertinfo Systems: Microsoft SQL Server 2000 Severity: Low Risk Category: Configuration Vendor URL: http://www.microsoft.com/ Author: David Litchfield [email protected] Advisory URL:...

CVE-2002-0982

Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the spMScopyscript stored procedure...

Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A)

NGSSoftware Insight Security Research Advisory Name: Arbitrary Command Execution on SQL Server 2000 Systems: Microsoft SQL Server 2000 SP 2 Severity: High Risk for Distributor servers Category: Arbitrary Command Execution Vendor URL: http://www.microsoft.com/ Author: David Litchfield...

CVE-2002-0721

Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via 1 xpexecresultset, 2...

CVE-2002-0721

The CVE-2002-0721 issue affects Microsoft SQL Server 7.0 and 2000 where extended stored procedures with weak permissions (xp_execresultset, xp_printstatements, xp_displayparamstmt) can allow an unprivileged user to execute procedures with administrator privileges. CERT advisories describe the ris...

Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A)

NGSSoftware Insight Security Research Advisory Name: Extended Stored Procedure Privilege Upgrade Systems: Microsoft SQL Server 2000 and 7 Severity: High Risk Category: Privilege Escalation Vendor URL: http://www.microsoft.com/ Author: David Litchfield [email protected] Advisory URL:...

Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_displayparamstmt" extended procedure

Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xpdisplayparamstmt , that permits an unprivileged user of a database to gain administrative...

Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation

source: https://www.securityfocus.com/bid/5483/info Microsoft SQL Server 2000 uses an Agent which is responsible for restarting the SQL Server service, replication, and running scheduled jobs. Some of the jobs that the Agent executes have weak permissions, which could allow a user with low...

Microsoft SQL 20007.0 - Agent Jobs Privilege Escalation

Microsoft SQL 20007.0 - Agent Jobs Privilege Escalation source: https://www.securityfocus.com/bid/5483/info Microsoft SQL Server 2000 uses an Agent which is responsible for restarting the SQL Server service, replication, and running scheduled jobs. Some of the jobs that the Agent executes have we...

CVE-2000-1209

The "sa" account is installed with a default null password on 1 Microsoft SQL Server 2000, 2 SQL Server 7.0, and 3 Data Engine MSDE 1.0, including third party packages that use these products such as 4 Tumbleweed Secure Mail MMS 5 Compaq Insight Manager, and 6 Visio 2000, which allows remote...

CVE-2002-0644

Buffer overflow in several Database Consistency Checkers DBCCs for Microsoft SQL Server 2000 and Microsoft Desktop Engine MSDE 2000 allows members of the dbowner and dbddladmin roles to execute arbitrary code...

CVE-2000-1209

The "sa" account is installed with a default null password on 1 Microsoft SQL Server 2000, 2 SQL Server 7.0, and 3 Data Engine MSDE 1.0, including third party packages that use these products such as 4 Tumbleweed Secure Mail MMS 5 Compaq Insight Manager, and 6 Visio 2000, which allows remote...

CVE-2002-0650

The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service bandwidth consumption via a "ping" style packet to the Resolution Service UDP port 1434 with a spoofed IP address of another SQL Server system, which causes the two servers to exchange...