Microsoft Security Bulletin MS02-039 for Windows Free Download in Database Software Tag

     
Tags
Digital Photo Software  Graphic Design Software  Business & Office Software  CAD Software  Communication Software  Security Software  Games  System Utilities  Developer Tools  Video Software  Database Management Software  Networking Software  3D Modeling Software  Disk & File Software  Audio Software  Drivers  Wireless Networking Software  Internet Software  Privacy Software & Access control  Educational & Science Software  Video Players 
Search by Category
Audio Software
Browsers
Business & Office Software
CD & DVD Software
Communication Software
Desktop Enhancements
Developer Tools
.NET
ActiveX
Basic, VB, VB .Net
Bug Tracking Software
C, C++, C#
Code Editors
Components & Libraries
Database Management Software
Database Software
Debugging Software
Developer Tutorials
IDE Software & SDK
Installers
Interpreters & Compilers
Java Software
Localization & Internationalization Software
Programming Software
Quality Assurance and Testing Software
Digital Photo Software
Disk & File Software
Drivers
Educational & Science Software
Entertainment & Hobby Software
Games
Graphic Design Software
Home & Family Software
Internet Software
iTunes & iPod Software
Networking Software
Productivity Software
Screensavers
Security Software
System Utilities
Travel & Navigation Software
Video Software
Web Development Software
     




 
 
Microsoft Security Bulletin MS02-039

Microsoft Security Bulletin MS02-039
Version: Q323875
Platforms: Windows

Categories: Developer Tools
Upload Date: 29 Oct 15
Developer: Microsoft
Distribution Type: Freeware
Downloads: 0
File Size: 163 Kb
Free Download Microsoft Security Bulletin MS02-039 

Rating: 0.0/5 (Total votes: 0)


 

SQL Server 2000 introduces the ability to host multiple instances of SQL Server on a single physical machine. Each instance operates for all intents and purposes as though it was a separate server. However, the multiple instances cannot all use the standard SQL Server session port (TCP 1433). While the default instance listens on TCP port 1433, named instances listen on any port assigned to them. The SQL Server Resolution Service, which operates on UDP port 1434, provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance. There are three security vulnerabilities here. The first two are buffer overruns. By sending a carefully crafted packet to the Resolution Service, an attacker could cause portions of system memory (the heap in one case, the stack in the other) to be overwritten. Overwriting it with random data would likely result in the failure of the SQL Server service; overwriting it with carefully selected data could allow the attacker to run code in the security context of the SQL Server service. The third vulnerability is a denial of service vulnerability. SQL uses a keep-alive mechanism to distinguish between active and passive instances. It is possible to create a keep-alive packet that, when sent to the Resolution Service, will cause SQL Server 2000 to respond with the same information. An attacker who created such a packet, spoofed the source address so that it appeared to come from a one SQL Server 2000 system, and sent it to a neighboring SQL Server 2000 system could cause the two systems to enter a never-ending cycle of keep-alive packet exchanges. This would consume resources on both systems, slowing performance considerably. Mitigating factors: Buffer Overruns in SQL Server Resolution Service:

  • SQL Server 2000 runs in a security context chosen by the administrator at installation time. By default, it runs as a Domain User. Thus, although the attacker's code could take any desired action on the database, it would not necessarily have significant privileges at the operating system level if best practices have been followed.
  • The risk posed by the vulnerability could be mitigated by, if feasible, blocking port 1434 at the firewall.

Denial of Service via SQL Server Resolution Service:

  • An attack could be broken off by restarting the SQL Server 2000 service on either of the affected systems. Normal processing on both systems would resume once the attack ceased.
  • The vulnerability provides no way to gain any privileges on the system. It is a denial of service vulnerability only.

Requirements:

 

  • Windows 2000

 

 
Like it? Share with your friends!   
 

Other Windows Software of Developer «Microsoft»:

Microsoft .NET Framework Redistributable 1.0Microsoft .NET Framework Redistributable 1.0
The Microsoft .NET Framework includes everything you need to run .NET Framework applications, including the Common Language Runtime, the .NET Framework class library, and ASP.NET. This version is the first release on CNET Download.com.What is new in this r
Windows 2000 Security Patch: September IIS 5.0 Cumulative Security PatchWindows 2000 Security Patch: September IIS 5.0 Cumulative Security Patch
Windows 2000 Security Patch: September IIS 5.0 Cumulative Security Patch is an update that addresses several security vulnerabilities affecting Internet Information Services (IIS) 5.0 with Windows 2000, as well as incorporating all previous updates for IIS
Administration Pack for IIS (WPI)Administration Pack for IIS (WPI)
The IIS 7.0 Administration Pack adds to the set of management features that ship with IIS 7.0 to include Administration UI support for ASP.NET authorization, custom errors, FastCGI configuration, Request Filtering and much more. The Administration Pack als
Security Update for Excel 2002 (KB905755)Security Update for Excel 2002 (KB905755)
A security vulnerability exists in Microsoft Excel 2002 that could allow arbitrary code to run when opening a malicious document. This update addresses that vulnerability. This version is the first release on CNET Download.com.What is new in this release:T
Microsoft Pro Photo Shoot (Outlook 2003)Microsoft Pro Photo Shoot (Outlook 2003)
Microsoft Pro Photo Shoot is a new software add-in for Microsoft Office Outlook that allows photographers to add details of the client and equipment for a photo shoot appointment in Outlook. This allows photographers to greater leverage the power of Outloo
Microsoft Commerce Server 2007 Migration GuideMicrosoft Commerce Server 2007 Migration Guide
The Commerce Server 2007 Migration Guide contains information on migrating from Microsoft Commerce Server 2000, Microsoft Commerce Server 2002, or Microsoft Commerce Server 2002 Feature Pack 1 (FP1) to Commerce Server 2007. This version is the first releas
Microsoft Dynamics CRM 3.0 Data Migration PackMicrosoft Dynamics CRM 3.0 Data Migration Pack
The Data Migration Pack includes two tools for migrating data to Microsoft Dynamics CRM 3.0: Data Migration Wizard for Microsoft Office Outlook with Business Contact Manager, for migrating data from Outlook with Business Contact Manager to Microsoft CRM 3.
Money 2002 Update Synchronisation Upgrade (UK)Money 2002 Update Synchronisation Upgrade (UK)
In August 2002 a new version of MSN Money was launched. This resulted in Microsoft Money 2002 being unable to correctly synchronize its portfolio with an MSN Money portfolio. This patch will upgrade the UK edition of Microsoft Money 2002 and restore compat
SharePoint Products and Technologies Templates: Web Part Templates for Visual Studio .NETSharePoint Products and Technologies Templates: Web Part Templates for Visual Studio .NET
Web Part developers can use Microsoft Visual Studio .NET to build Web Part assemblies for use in Microsoft SharePoint Products and Technologies. These templates are provided to help developers create Web Parts. The templates are similar to the default serv
Office Business Applications Momentum BookOffice Business Applications Momentum Book
Read the success stories in this book to see how companies have created Office Business Applications (OBAs) to develop and strengthen customer relationships, create innovative products and services, improve operations, reduce costs, and build higher value

» show all

 
Similar Applications:

dbForge Fusion for MySQL, RAD Studio 2009 Add-indbForge Fusion for MySQL, RAD Studio 2009 Add-in
dbForge Fusion for MySQL, is a powerful add-in designed to simplify the MySQL database application development process. It integrates into Visual Studio, making all database development and administration tasks available from your favorite IDE. It provides
Export Table to Text for DB2 ProfessionalExport Table to Text for DB2 Professional
Export table to Text is an easy to use tool that allows you to export data rows from selected table to text file. This program supports all modern versions of IBM DB2 database systems. Easy to learn and use wizard interface. It features delimited or fixed
MySQL MS SQL Server Import, Export & Convert SoftwareMySQL MS SQL Server Import, Export & Convert Software
This software offers a solution to users who want to transfer tables and queries between their MySQL and MS SQL Server databases. This software will generate the necessary SQL commands for importing and exporting for you. There is an advanced feature for c
Simple QuerySimple Query
Simple Query is a set native of Delphi/VCL classes, components and controls that provides an ability to include end-user-oriented query builder into your Win32 application and allows your users to describe their requests in native language instead of SQL,
Toolverse Data Explorer ETL EditionToolverse Data Explorer ETL Edition
Toolverse Data Explorer ETL Edition is a complete end-to-end solution for database development, data discovery, data migration, data integration and extract-transform-load. It runs on all major platforms, including Web browsers, and supports a wide range o
Oracle Data Access Components Unicode for Delphi, C++Builder, and RAD Studio 2007Oracle Data Access Components Unicode for Delphi, C++Builder, and RAD Studio 2007
Oracle Data Access Components (ODAC) is a library of components that provides native connectivity to Oracle from Delphi, Delphi for .NET, C++Builder, Kylix, and Free Pascal. The ODAC library is designed to help programmers develop faster and cleaner Oracle
Db Query ToolDb Query Tool
This easy to use tool allows you to connect to any Microsoft SQL database and browse or modify data. Db Query Tool can be used by a novice, but will be invaluable to any database profession. It aids in finding, analyzing, viewing, and examining data. You c
DatAdmin PersonalDatAdmin Personal
DatAdmin Personal provides easy and quick database administration, natively supports MSSQL, MySQL, SQLite, Postgre SQL, and MS Access. Also can be used to create and restoring backups, transfer data between databases, tables or files (supported formats are
DBACentral for MySQLDBACentral for MySQL
DBACentral for MySQL is a unique solution for database administration, development and data management. DBACentral for MySQL provides you with easy-to-use graphical user interface for executing all database operations: database structure management, table
SQLData Express for Sybase ASE to SQL ServerSQLData Express for Sybase ASE to SQL Server
SQLData is a scalable, high performance data transfer, schema conversion and validation tool for Sybase Adaptive Server Enterprise to Microsoft SQL Server and SQL Azure migration.The tool allows you to move and validate the migration of large volumes of da
 

Supported Operating Systems:
Windows 2000 | 
 

Comments on Microsoft Security Bulletin MS02-039:

Comments not found

Name:


Comment:


Enter text from image below:

Turn on images!

 
 
 

Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10

© Pantich 2016 all rights reserved