SQL Server 2000 introduces the ability to host multiple instances of SQL Server on a single physical machine. Each instance operates for all intents and purposes as though it was a separate server. However, the multiple instances cannot all use the standard SQL Server session port (TCP 1433). While the default instance listens on TCP port 1433, named instances listen on any port assigned to them. The SQL Server Resolution Service, which operates on UDP port 1434, provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance. There are three security vulnerabilities here. The first two are buffer overruns. By sending a carefully crafted packet to the Resolution Service, an attacker could cause portions of system memory (the heap in one case, the stack in the other) to be overwritten. Overwriting it with random data would likely result in the failure of the SQL Server service; overwriting it with carefully selected data could allow the attacker to run code in the security context of the SQL Server service. The third vulnerability is a denial of service vulnerability. SQL uses a keep-alive mechanism to distinguish between active and passive instances. It is possible to create a keep-alive packet that, when sent to the Resolution Service, will cause SQL Server 2000 to respond with the same information. An attacker who created such a packet, spoofed the source address so that it appeared to come from a one SQL Server 2000 system, and sent it to a neighboring SQL Server 2000 system could cause the two systems to enter a never-ending cycle of keep-alive packet exchanges. This would consume resources on both systems, slowing performance considerably. Mitigating factors: Buffer Overruns in SQL Server Resolution Service:
SQL Server 2000 runs in a security context chosen by the administrator at installation time. By default, it runs as a Domain User. Thus, although the attacker's code could take any desired action on the database, it would not necessarily have significant privileges at the operating system level if best practices have been followed.
The risk posed by the vulnerability could be mitigated by, if feasible, blocking port 1434 at the firewall.
Denial of Service via SQL Server Resolution Service:
An attack could be broken off by restarting the SQL Server 2000 service on either of the affected systems. Normal processing on both systems would resume once the attack ceased.
The vulnerability provides no way to gain any privileges on the system. It is a denial of service vulnerability only.
Like it? Share with your friends!
Other Windows Software of Developer «Microsoft»:
Visual Basic Pack for Visual Studio 2005 SDK Visual Basic Pack for Visual Studio 2005 SDK is the Visual Basic Pack for VS SDK 2005 V4 targeting VS 2005. It contains Visual Basic samples and wizards for creating VSIP packages using VB. These samples are the migrated CSharp samples that were shipped wi
SharePoint Portal Server 2003: IntelliSense XML Files This download includes updates of the XML files used to produce IntelliSense information about the Microsoft Office SharePoint Portal Server and Microsoft Windows SharePoint Services managed object models within the Microsoft Visual Studio .NET integrated
Windows SDK .NET Framework 3.0 Samples The Windows SDK samples for .NET Framework 3.0 include samples for .NET Framework 2.0, Windows Communication Foundation, Windows Presentation Foundation, Windows Workflow Foundation, and Cross Technology samples. These samples can be downloaded from here o
Project 2003: Project Guide and Custom Views Project 2003: Project Guide and Custom Views includes custom Project Guide and custom view samples related to the Project Guide 101 articles, and the default Project Guide files for Microsoft Office Project 2003. This version is the first release on CNET D
Microsoft Origami Experience Pack Origami Experience Pack contains these three programs for an Ultra-Mobile PC (UMPC) running Windows Vista. Access your music, videos, pictures, and favorite programs. Play this popular game using a touch screen. Easily view and interact with the touch scre
Reference Architecture for Commerce V2 Reference Architecture for Commerce V2 is a document provides a brief overview of the Microsoft Reference Architecture for Commerce, which consists of code and documentation designed to accelerate the development of e-commerce solutions for medium to large
TripPlannerSource The TripPlannerSource.exe download includes all the files that make up the eMbedded Visual Tools C++ Project, including commented source code and bitmaps. This version is the first release on CNET Download.com.What is new in this release:This version is th
Commerce Server 2000 Service Pack 3 Debug Symbols To help with debugging any problems that you may run into with Commerce Server 2000 Service Pack 3, we have made the symbols available to you. This version is the first release on CNET Download.com.What is new in this release:This version is the first rele
Agent 2.0 Character: Merlin Character File Microsoft Agent 2.0 character data file (.acs format) for Merlin. Microsoft Agent is a software technology that enables an enriched form of user interaction that can make using and learning to use a computer easier and more natural. This version is the fir
MZ Easy DataBase Schema For each one who wants to create a database or modify the schema of the database, it was always been a difficult job to do. Even more when you want to create or make data transfer code in each programming language.
Also when you don't have the SQL install
myLittleBackup for MS SQL Server myLittleBackup for SQL Server is the first Backup/Restore solution specially designed for shared SQL Server hosting. With myLittleBackup, shared SQL Server hosting companies are now able to give their customers an easy and secure solution to backup/restore
OpenLink Data Access ODBC Lite (DB/2) OpenLink Universal Data Access ODBC Lite Drivers. High-Performance 32-Bit ODBC Drivers that provide transparent access to remote databases from any ODBC compliant application. Desktop Productivity Tools, such as Spreadsheets, Word Processors, Presentation
Help Generator for Microsoft Access Use Help Generator to create help and documentation integrated with your Microsoft Access applications easy and fast. Features HTML page and image generation, table of contents, index and search, and images with hotspots. The WYSIWYG wizard lets you set ma
SmartDB It is a pioneering C++ Software/ Application development toolkit which lets you rapidly and efficiently develop, industrial strength, data intensive, Business/ ERP/ Database applications. It contains specialized IDE & debugger, database, spreadsheet.What i
DBeaver (32-Bit) DBeaver (32-Bit) is universal database tool for developers and database administrators. Usability is the main goal of this project, program UI is carefully designed and implemented. It is multiplatform, based on open source framework and allows writing var
OraDeveloper Tools for Delphi Powerful Delphi add-in designed to automate and simplify the process of developing applications with Oracle. OraDeveloper Tools integrates into Delphi and lets you quickly browse, query, and update Oracle databases directly from Borland Development Studio.
DiffSchema DiffSchema generates a list of differences between multiple SQL databases. It works with SQL Server 7/2000/2005/2008. DiffSchema analyses Tables, Views, Stored Procedures and Functions. It can alert you by email and can be scheduled. Diffschema is free and
Export Table to SQL for Oracle Professional Export Table to SQL script for Oracle helps to save table's data as a set of INSERT SQL statements and optional CREATE TABLE statement. Predefined or custom separators like ';' and a few export options make this tool flexible. The program has easy to learn
EboBar EboBar lets you launch all your applications and documents by just pressing a few keys. No pre-assignment of shortcuts necessary, EBoBar figures out what you want to start using a nifty search algorithm. Works for applications, documents, Web site shortcut
Supported Operating Systems:
Windows 2000 |
Comments on Microsoft Security Bulletin MS02-039:
Comments not found
Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10