Multiple bugs in Microsoft SQL Server

Buffer overflow in LPC request, DoS via RPC request, named pipe impersonalization...

Microsoft SQL Server contains flaw in checking method for the named pipe

Overview A vulnerability in Microsoft SQL Server may allow an attacker to hijack a named pipe. An attacker may be able to leverage this vulnerability to gain elevated privileges. Description Microsoft describes a named pipe as, "a specifically named one-way or two-way channel for communication...

Microsoft Security Bulletin MS03-031: Cumulative Patch for Microsoft SQL Server (Q815495)

-----BEGIN PGP SIGNED MESSAGE----- - ----------------------------------------------------------------- Title: Cumulative Patch for Microsoft SQL Server 815495 Date: 23 July 2003 Software: - Microsoft SQL Server 7.0 - Microsoft Data Engine MSDE 1.0 - Microsoft SQL Server 2000 - Microsoft SQL Serve...

Microsoft SQL Server 7.0/2000 / MSDE - Named Pipe Denial of Service (MS03-031)

source: https://www.securityfocus.com/bid/8274/info Microsoft SQL Server and the Microsoft Data Engine have been reported prone to a denial of service attack. Any local or remote user, who can authenticate and is part of the Everyone Group, may trigger a denial of service condition in an affected...

Microsoft SQL Server 7.02000 MSDE - Named Pipe Denial of Service (MS03-031)

Microsoft SQL Server 7.02000 MSDE - Named Pipe Denial of Service MS03-031 source: https://www.securityfocus.com/bid/8274/info Microsoft SQL Server and the Microsoft Data Engine have been reported prone to a denial of service attack. Any local or remote user, who can authenticate and is part of th...

CVE-2003-0496

CVE-2003-0496: Affected software is Microsoft SQL Server on Windows 2000 prior to SP4. By passing a named pipe as an argument to xp_fileexist, a local attacker can impersonate the SQL Server service account due to CreateFile/Named Pipe behavior. Impact is local privilege escalation to the SQL Ser...

CVE-2003-0496

Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xpfileexist extended stored procedure with a named pipe as an argument instead of a normal file...

Named Pipe Filename Local Privilege Escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Named Pipe Filename Local Privilege Escalation Release Date: 07/08/2003 Application: Microsoft SQL Server Platform: Windows NT/2000/XP Severity: Local privilege escalation Author: Andreas...

Microsoft SQL Server 7.02000 JET Database Engine 4.0 - Buffer Overrun

Microsoft SQL Server 7.02000 JET Database Engine 4.0 - Buffer Overrun source: https://www.securityfocus.com/bid/7541/info Microsoft SQL Server is prone to an exploitable buffer overrun vulnerability via the Jet Database Engine. This can occur while the JET 4.0 OLE DB data provider is querying dat...

Microsoft SQL Server 7.0/2000 JET Database Engine 4.0 - Buffer Overrun

source: https://www.securityfocus.com/bid/7541/info Microsoft SQL Server is prone to an exploitable buffer overrun vulnerability via the Jet Database Engine. This can occur while the JET 4.0 OLE DB data provider is querying data supplied via a remote source and is due to insufficient bounds...

CVE-2002-0859

Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code...

CVE-2002-0187

Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."...

CVE-2002-0186

CVE-2002-0186 describes a buffer overflow in the Microsoft SQLXML ISAPI extension for SQL Server 2000. The flaw arises from inadequate validation of the contenttype parameter in SQLXML HTTP requests, allowing a remote attacker to trigger a crash or execute arbitrary code (the extension runs with ...

CVE-2002-0650

CVE-2002-0650 affects Microsoft SQL Server 2000’s Resolution Service on UDP port 1434. A forged ping from one server to another (both using 1434) can trigger the Resolution Service to exchange referrals/pings in an infinite loop, causing a denial of service (bandwidth/resource exhaustion) between...

CVE-2002-0859

CVE-2002-0859 describes a buffer overflow in the OpenDataSource function of the Jet engine used by Microsoft SQL Server 2000. The vulnerability permits remote attackers to execute arbitrary code, affecting the system via the Jet engine component. The available records indicate the issue arises fr...

CVE-2002-0650

The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service bandwidth consumption via a "ping" style packet to the Resolution Service UDP port 1434 with a spoofed IP address of another SQL Server system, which causes the two servers to exchange...

Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061

...

Microsoft SQL Server Detection (credentialed check)

Nessus has detected one or more installs of Microsoft SQL server by examining the registry and file systems on the remote host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid11217; scriptversion"1.157";...

MS02-061: Microsoft SQL Server Multiple Vulnerabilities (uncredentialed check)

The remote MS SQL server is affected by several overflows that could be exploited by an attacker to gain SYSTEM access on that host. Note that a worm sapphire is exploiting these vulnerabilities in the wild. C Tenable Network Security, Inc. ping code taken from mssqlping by H D Moore MS02-061...

CVE-2002-1872

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption XOR, which allows remote attackers to sniff and decrypt the password...