@stake Advisory: Microsoft SQL Server extended stored procedure vulnerability (A120100-1)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake Inc. www.atstake.com Security Advisory Advisory Name: Microsoft SQL Server extended stored procedure vulnerability Release Date: 12/01/2000 Application: MS SQL Server 7.0 - all service packs MS SQL Server 2000 Platform: Windows NT 4.0 / 2000...

Microsoft SQL Server 7.0/2000 / Data Engine 1.0/2000 - xp_displayparamstmt Buffer Overflow

// source: https://www.securityfocus.com/bid/2030/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or arbitrary code to be executed o...

Microsoft SQL Server 7.02000 Data Engine 1.02000 - xp_showcolv Buffer Overflow

Microsoft SQL Server 7.02000 Data Engine 1.02000 - xpshowcolv Buffer Overflow // source: https://www.securityfocus.com/bid/2038/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow...

Microsoft SQL Server 7.02000 Data Engine 1.02000 - xp_displayparamstmt Buffer Overflow

Microsoft SQL Server 7.02000 Data Engine 1.02000 - xpdisplayparamstmt Buffer Overflow // source: https://www.securityfocus.com/bid/2030/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow...

Microsoft SQL Server 7.02000 Data Engine 1.02000 - xp_peekqueue Buffer Overflow

Microsoft SQL Server 7.02000 Data Engine 1.02000 - xppeekqueue Buffer Overflow // source: https://www.securityfocus.com/bid/2040/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow...

CVE-2000-0485

Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service DTS package Properties dialog, aka the "DTS Password" vulnerability...

CVE-2000-0603

Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability...

CVE-2000-0402

The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator sa account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...

CVE-2000-0603

Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability...

CVE-2000-0402

The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator sa account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...

CVE-2000-0402

The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator sa account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability...

CVE-2000-0485

Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service DTS package Properties dialog, aka the "DTS Password" vulnerability...

CVE-2000-0202

Microsoft SQL Server 7.0 and Microsoft Data Engine MSDE 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query...

CVE-2000-0202

Microsoft SQL Server 7.0 and Microsoft Data Engine MSDE 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query...

MS99-059: Microsoft SQL Server Crafted TCP Packet Remote DoS (uncredentialed check)

The remote Microsoft SQL server can be shut down when it is sent a TCP packet containing more than 2 NULLs. An attacker may use this problem to prevent it from being used by legitimate clients, thus threatening your business. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Microsoft SQL Server 7.07.0 SP1 - NULL Data Denial of Service

Microsoft SQL Server 7.07.0 SP1 - NULL Data Denial of Service // source: https://www.securityfocus.com/bid/817/info If Microsoft SQL Server 7.0 receives a TDS header with three or more NULL bytes as data it will crash. The crash will generate an event in the log with ID 17055 "fatal exception...

Microsoft SQL Server 7.0/7.0 SP1 - NULL Data Denial of Service

// source: https://www.securityfocus.com/bid/817/info If Microsoft SQL Server 7.0 receives a TDS header with three or more NULL bytes as data it will crash. The crash will generate an event in the log with ID 17055 "fatal exception EXCEPTIONACCESS VIOLATION". / sqldos.c -- a DoS attack agains MS...

Microsoft SQL Server TCP/IP Listener Detection

The remote host is running MSSQL, a database server from Microsoft. It is possible to extract the version number of the remote installation from the server pre-login response. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid10144; scriptversion"1.62";...

CVE-1999-1556

Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value...

SQL Server 2019 RTM Cumulative Update (CU) 17 KB5016394

SQL Server 2019 RTM Cumulative Update CU 17 KB5016394...