SQL Server 2000 introduces the ability to host multiple instances of SQL Server on a single physical machine. Each instance operates for all intents and purposes as though it was a separate server. However, the multiple instances cannot all use the standard SQL Server session port (TCP 1433). While the default instance listens on TCP port 1433, named instances listen on any port assigned to them. The SQL Server Resolution Service, which operates on UDP port 1434, provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance. There are three security vulnerabilities here. The first two are buffer overruns. By sending a carefully crafted packet to the Resolution Service, an attacker could cause portions of system memory (the heap in one case, the stack in the other) to be overwritten. Overwriting it with random data would likely result in the failure of the SQL Server service; overwriting it with carefully selected data could allow the attacker to run code in the security context of the SQL Server service. The third vulnerability is a denial of service vulnerability. SQL uses a keep-alive mechanism to distinguish between active and passive instances. It is possible to create a keep-alive packet that, when sent to the Resolution Service, will cause SQL Server 2000 to respond with the same information. An attacker who created such a packet, spoofed the source address so that it appeared to come from a one SQL Server 2000 system, and sent it to a neighboring SQL Server 2000 system could cause the two systems to enter a never-ending cycle of keep-alive packet exchanges. This would consume resources on both systems, slowing performance considerably. Mitigating factors: Buffer Overruns in SQL Server Resolution Service:
SQL Server 2000 runs in a security context chosen by the administrator at installation time. By default, it runs as a Domain User. Thus, although the attacker's code could take any desired action on the database, it would not necessarily have significant privileges at the operating system level if best practices have been followed.
The risk posed by the vulnerability could be mitigated by, if feasible, blocking port 1434 at the firewall.
Denial of Service via SQL Server Resolution Service:
An attack could be broken off by restarting the SQL Server 2000 service on either of the affected systems. Normal processing on both systems would resume once the attack ceased.
The vulnerability provides no way to gain any privileges on the system. It is a denial of service vulnerability only.
Like it? Share with your friends!
Other Windows Software of Developer «Microsoft»:
Microsoft .NET Framework Redistributable 1.0 The Microsoft .NET Framework includes everything you need to run .NET Framework applications, including the Common Language Runtime, the .NET Framework class library, and ASP.NET. This version is the first release on CNET Download.com.What is new in this r
Administration Pack for IIS (WPI) The IIS 7.0 Administration Pack adds to the set of management features that ship with IIS 7.0 to include Administration UI support for ASP.NET authorization, custom errors, FastCGI configuration, Request Filtering and much more. The Administration Pack als
Security Update for Excel 2002 (KB905755) A security vulnerability exists in Microsoft Excel 2002 that could allow arbitrary code to run when opening a malicious document. This update addresses that vulnerability. This version is the first release on CNET Download.com.What is new in this release:T
Microsoft Pro Photo Shoot (Outlook 2003) Microsoft Pro Photo Shoot is a new software add-in for Microsoft Office Outlook that allows photographers to add details of the client and equipment for a photo shoot appointment in Outlook. This allows photographers to greater leverage the power of Outloo
Microsoft Commerce Server 2007 Migration Guide The Commerce Server 2007 Migration Guide contains information on migrating from Microsoft Commerce Server 2000, Microsoft Commerce Server 2002, or Microsoft Commerce Server 2002 Feature Pack 1 (FP1) to Commerce Server 2007. This version is the first releas
Microsoft Dynamics CRM 3.0 Data Migration Pack The Data Migration Pack includes two tools for migrating data to Microsoft Dynamics CRM 3.0: Data Migration Wizard for Microsoft Office Outlook with Business Contact Manager, for migrating data from Outlook with Business Contact Manager to Microsoft CRM 3.
Money 2002 Update Synchronisation Upgrade (UK) In August 2002 a new version of MSN Money was launched. This resulted in Microsoft Money 2002 being unable to correctly synchronize its portfolio with an MSN Money portfolio. This patch will upgrade the UK edition of Microsoft Money 2002 and restore compat
Office Business Applications Momentum Book Read the success stories in this book to see how companies have created Office Business Applications (OBAs) to develop and strengthen customer relationships, create innovative products and services, improve operations, reduce costs, and build higher value
dbForge Fusion for MySQL, RAD Studio 2009 Add-in dbForge Fusion for MySQL, is a powerful add-in designed to simplify the MySQL database application development process. It integrates into Visual Studio, making all database development and administration tasks available from your favorite IDE. It provides
Export Table to Text for DB2 Professional Export table to Text is an easy to use tool that allows you to export data rows from selected table to text file. This program supports all modern versions of IBM DB2 database systems. Easy to learn and use wizard interface. It features delimited or fixed
MySQL MS SQL Server Import, Export & Convert Software This software offers a solution to users who want to transfer tables and queries between their MySQL and MS SQL Server databases. This software will generate the necessary SQL commands for importing and exporting for you. There is an advanced feature for c
Simple Query Simple Query is a set native of Delphi/VCL classes, components and controls that provides an ability to include end-user-oriented query builder into your Win32 application and allows your users to describe their requests in native language instead of SQL,
Toolverse Data Explorer ETL Edition Toolverse Data Explorer ETL Edition is a complete end-to-end solution for database development, data discovery, data migration, data integration and extract-transform-load. It runs on all major platforms, including Web browsers, and supports a wide range o
Db Query Tool This easy to use tool allows you to connect to any Microsoft SQL database and browse or modify data. Db Query Tool can be used by a novice, but will be invaluable to any database profession. It aids in finding, analyzing, viewing, and examining data. You c
DatAdmin Personal DatAdmin Personal provides easy and quick database administration, natively supports MSSQL, MySQL, SQLite, Postgre SQL, and MS Access. Also can be used to create and restoring backups, transfer data between databases, tables or files (supported formats are
DBACentral for MySQL DBACentral for MySQL is a unique solution for database administration, development and data management. DBACentral for MySQL provides you with easy-to-use graphical user interface for executing all database operations: database structure management, table
SQLData Express for Sybase ASE to SQL Server SQLData is a scalable, high performance data transfer, schema conversion and validation tool for Sybase Adaptive Server Enterprise to Microsoft SQL Server and SQL Azure migration.The tool allows you to move and validate the migration of large volumes of da
Supported Operating Systems:
Windows 2000 |
Comments on Microsoft Security Bulletin MS02-039:
Comments not found
Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10