Microsoft Security Bulletin MS02-039 for Windows Free Download in Database Software Tag

Audio Software  Disk & File Software  Video Players  Networking Software  Database Management Software  Graphic Design Software  3D Modeling Software  Developer Tools  Video Software  Privacy Software & Access control  Wireless Networking Software  Digital Photo Software  Communication Software  CAD Software  Database Software  Business & Office Software  Internet Software  System Utilities  Educational & Science Software  Security Software  Games 
Search by Category
Audio Software
Business & Office Software
CD & DVD Software
Communication Software
Desktop Enhancements
Developer Tools
Basic, VB, VB .Net
Bug Tracking Software
C, C++, C#
Code Editors
Components & Libraries
Database Management Software
Database Software
Debugging Software
Developer Tutorials
IDE Software & SDK
Interpreters & Compilers
Java Software
Localization & Internationalization Software
Programming Software
Quality Assurance and Testing Software
Digital Photo Software
Disk & File Software
Educational & Science Software
Entertainment & Hobby Software
Graphic Design Software
Home & Family Software
Internet Software
iTunes & iPod Software
Networking Software
Productivity Software
Security Software
System Utilities
Travel & Navigation Software
Video Software
Web Development Software

Microsoft Security Bulletin MS02-039

Microsoft Security Bulletin MS02-039
Version: Q323875
Platforms: Windows

Categories: Developer Tools
Upload Date: 29 Oct 15
Developer: Microsoft
Distribution Type: Freeware
Downloads: 0
File Size: 163 Kb
Free Download Microsoft Security Bulletin MS02-039 

Rating: 0.0/5 (Total votes: 0)


SQL Server 2000 introduces the ability to host multiple instances of SQL Server on a single physical machine. Each instance operates for all intents and purposes as though it was a separate server. However, the multiple instances cannot all use the standard SQL Server session port (TCP 1433). While the default instance listens on TCP port 1433, named instances listen on any port assigned to them. The SQL Server Resolution Service, which operates on UDP port 1434, provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance. There are three security vulnerabilities here. The first two are buffer overruns. By sending a carefully crafted packet to the Resolution Service, an attacker could cause portions of system memory (the heap in one case, the stack in the other) to be overwritten. Overwriting it with random data would likely result in the failure of the SQL Server service; overwriting it with carefully selected data could allow the attacker to run code in the security context of the SQL Server service. The third vulnerability is a denial of service vulnerability. SQL uses a keep-alive mechanism to distinguish between active and passive instances. It is possible to create a keep-alive packet that, when sent to the Resolution Service, will cause SQL Server 2000 to respond with the same information. An attacker who created such a packet, spoofed the source address so that it appeared to come from a one SQL Server 2000 system, and sent it to a neighboring SQL Server 2000 system could cause the two systems to enter a never-ending cycle of keep-alive packet exchanges. This would consume resources on both systems, slowing performance considerably. Mitigating factors: Buffer Overruns in SQL Server Resolution Service:

  • SQL Server 2000 runs in a security context chosen by the administrator at installation time. By default, it runs as a Domain User. Thus, although the attacker's code could take any desired action on the database, it would not necessarily have significant privileges at the operating system level if best practices have been followed.
  • The risk posed by the vulnerability could be mitigated by, if feasible, blocking port 1434 at the firewall.

Denial of Service via SQL Server Resolution Service:

  • An attack could be broken off by restarting the SQL Server 2000 service on either of the affected systems. Normal processing on both systems would resume once the attack ceased.
  • The vulnerability provides no way to gain any privileges on the system. It is a denial of service vulnerability only.



  • Windows 2000


Like it? Share with your friends!   

Other Windows Software of Developer «Microsoft»:

Visual Studio 6.0 SamplesVisual Studio 6.0 Samples
Visual Studio includes hundreds of samples, large and small, demonstrating key technologies and programming techniques. Every tool in the Visual Studio suite includes product-specific samples, which you can explore using this download. This version is the
Microsoft Office Visio Professional 2010Microsoft Office Visio Professional 2010
The advanced diagramming tools of Visio 2010 help you simplify complexity with dynamic, data-driven visuals and new ways to share on the Web in real-time. Together, simplicity, data-driven shapes, and Web sharing make Visio 2010 one of the most powerful wa
PerformancePoint Server 2007 Evaluation Version (x64)PerformancePoint Server 2007 Evaluation Version (x64)
PerformancePoint Server 2007 is an integrated performance management application that allows customers to monitor, analyze, and plan their business as well as drive alignment, accountability, and actionable insight across the entire organization. Performan
Managed COM Add-In ShimManaged COM Add-In Shim
This sample demonstrates how to securely install and deploy managed COM add-ins in Microsoft Office XP. This article also describes how to build unmanaged COM add-in proxies called shims in both Microsoft Visual Basic 6.0 and Microsoft Visual C++ and how t
Urlscan 2.5 Install PackageUrlscan 2.5 Install Package
UrlScan 2.5 is a security tool that restricts the types of requests that Internet Information Services (IIS) 4.0 and later will process. This version is the first release on CNET is new in this release:This version is the first release on
Windows 7 Professional UpgradeWindows 7 Professional Upgrade
Connect to company networks easily and more securely and share files across the various PCs in your home. In addition, you can run many Windows XP productivity programs in Windows XP Mode and recover your data easily with automatic back-ups to your home or
Visual Studio Team System 2008 Team ExplorerVisual Studio Team System 2008 Team Explorer
Microsoft Visual Studio Team System 2008 Team Explorer can be used as a standalone rich client for accessing Visual Studio Team System 2008 Team Foundation Server. It enables users to join the software development life cycle with integrated support for sou
Microsoft Expression Design Portfolio Starter KitMicrosoft Expression Design Portfolio Starter Kit
The Design Portfolio starter kit provides you a taste of the great Web design that is possible when using standards like XHTML and CSS along with the innovative support of ASP.NET 2.0 controls which help you create dynamic Web sites.This starter kit uses A
Project 2003: Project Renamer PDS ExtenderProject 2003: Project Renamer PDS Extender
Includes the Microsoft Visual Basic 6.0 source code and compiled DLL files for the Project Renamer extender for the Project Data Service (PDS). The download includes the compiled ProjectRenamer.dll, and the Visual Basic 6.0 source code for the Project Rena
Service Pack 1 for Business Contact Manager Update and Small Business AccountingService Pack 1 for Business Contact Manager Update and Small Business Accounting
Service Pack 1 for Business Contact Manager Update and Small Business Accounting provides the latest updates to Microsoft Office Small Business Accounting 2006 and Microsoft Office Outlook 2003 with Business Contact Manager Update. This Service Pack contai

» show all

Similar Applications:

OraDump to MSSQLOraDump to MSSQL
OraDump to MSSQL is a program to convert Oracle dump files into MS SQL database. Depending on your privileges on the target MS SQL server you can export Oracle data into new database or overwrite the contents of existing MS SQL database.Limitations:Limited
Database Application Builder Free EditionDatabase Application Builder Free Edition
Database Application Builder is a tool for creating database applications without writing any code. And you don't have to be a software programmer to do it. With its intuitive integrated development environment (IDE) and drag-and-drop objects, it's quick t
DTM Schema Reporter ProfessionalDTM Schema Reporter Professional
DTM Schema Reporter, as the name implies, is a reporting tool for database schema. This utility helps technical writers and database administrators create a report of any complexity level within seconds. And importantly, it supports all common database i
ADO based database query and report writer application. Results are displayed on grids and user can run simultaneous queries against multiple databases. Data can be formatted, totaled, exported, updated, sorted, filtered and printed. Query definitions can
With designPropEZ, see the properties for all the design elements. Automate the Design Source flag options for all your databases, stop going through each of them manually. Create batch documents and automate this process for all your databases.What is new
Kentico Compare SQLKentico Compare SQL
Kentico Compare SQL allows developers and administrators to easily compare the schema of database tables, stored procedures, views, and functions and find differences. It works with MSSQL 2000 and 2005.Requirements:Windows 2000/XP/2003 ServerLimitations:7-
Matrix Embeddable Database EngineMatrix Embeddable Database Engine
Matrix Embeddable Database Engine is a pure Java embeddable database engine. Targeted towards Java applications where quick and seamless persistence and retrieval of objects are required. Matrix Embeddable Database Engine comes loaded with features: Class
SQL Data Manager StudioSQL Data Manager Studio
With the SQL Data Manager Studio, you create sequential and procedural database programs (scripts), query and input masks in just a few minutes. Put SQL snippets together to programs and paste anywhere in the program your customized input screens (Windows
Data Synchronisation Studio (32-Bit)Data Synchronisation Studio (32-Bit)
Data Synchronisation Studio (32-Bit) simplifies the process of Export and Import and empowers the user to make changes immediately see the results and fine tune the process all without system downtime. You can publish Business Data directly to SharePoint L
Ariacom Business ReportsAriacom Business Reports
Ariacom Business Reports is a database reporting and multi-dimensional analysis tool with dynamic SQL generation. Non-technical end-users can run and edit complex reports from any SQL relational database. The product is able to meet a whole range of r

Supported Operating Systems:
Windows 2000 | 

Comments on :

Comments not found



Enter text from image below:

Turn on images!


Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10

© Pantich 2016 all rights reserved