Microsoft Security Bulletin MS02-039 for Windows Free Download in Database Software Tag

     
Tags
Digital Photo Software  System Utilities  Database Management Software  Wireless Networking Software  Games  Audio Software  Educational & Science Software  Networking Software  Video Software  Disk & File Software  Internet Software  Privacy Software & Access control  Business & Office Software  Security Software  3D Modeling Software  Video Players  CAD Software  Developer Tools  Communication Software  Drivers  Graphic Design Software 
Search by Category
Audio Software
Browsers
Business & Office Software
CD & DVD Software
Communication Software
Desktop Enhancements
Developer Tools
.NET
ActiveX
Basic, VB, VB .Net
Bug Tracking Software
C, C++, C#
Code Editors
Components & Libraries
Database Management Software
Database Software
Debugging Software
Developer Tutorials
IDE Software & SDK
Installers
Interpreters & Compilers
Java Software
Localization & Internationalization Software
Programming Software
Quality Assurance and Testing Software
Digital Photo Software
Disk & File Software
Drivers
Educational & Science Software
Entertainment & Hobby Software
Games
Graphic Design Software
Home & Family Software
Internet Software
iTunes & iPod Software
Networking Software
Productivity Software
Screensavers
Security Software
System Utilities
Travel & Navigation Software
Video Software
Web Development Software
     




 
 
Microsoft Security Bulletin MS02-039

Microsoft Security Bulletin MS02-039
Version: Q323875
Platforms: Windows

Categories: Developer Tools
Upload Date: 29 Oct 15
Developer: Microsoft
Distribution Type: Freeware
Downloads: 0
File Size: 163 Kb
Free Download Microsoft Security Bulletin MS02-039 

Rating: 0.0/5 (Total votes: 0)


 

SQL Server 2000 introduces the ability to host multiple instances of SQL Server on a single physical machine. Each instance operates for all intents and purposes as though it was a separate server. However, the multiple instances cannot all use the standard SQL Server session port (TCP 1433). While the default instance listens on TCP port 1433, named instances listen on any port assigned to them. The SQL Server Resolution Service, which operates on UDP port 1434, provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance. There are three security vulnerabilities here. The first two are buffer overruns. By sending a carefully crafted packet to the Resolution Service, an attacker could cause portions of system memory (the heap in one case, the stack in the other) to be overwritten. Overwriting it with random data would likely result in the failure of the SQL Server service; overwriting it with carefully selected data could allow the attacker to run code in the security context of the SQL Server service. The third vulnerability is a denial of service vulnerability. SQL uses a keep-alive mechanism to distinguish between active and passive instances. It is possible to create a keep-alive packet that, when sent to the Resolution Service, will cause SQL Server 2000 to respond with the same information. An attacker who created such a packet, spoofed the source address so that it appeared to come from a one SQL Server 2000 system, and sent it to a neighboring SQL Server 2000 system could cause the two systems to enter a never-ending cycle of keep-alive packet exchanges. This would consume resources on both systems, slowing performance considerably. Mitigating factors: Buffer Overruns in SQL Server Resolution Service:

  • SQL Server 2000 runs in a security context chosen by the administrator at installation time. By default, it runs as a Domain User. Thus, although the attacker's code could take any desired action on the database, it would not necessarily have significant privileges at the operating system level if best practices have been followed.
  • The risk posed by the vulnerability could be mitigated by, if feasible, blocking port 1434 at the firewall.

Denial of Service via SQL Server Resolution Service:

  • An attack could be broken off by restarting the SQL Server 2000 service on either of the affected systems. Normal processing on both systems would resume once the attack ceased.
  • The vulnerability provides no way to gain any privileges on the system. It is a denial of service vulnerability only.

Requirements:

 

  • Windows 2000

 

 
Like it? Share with your friends!   
 

Other Windows Software of Developer «Microsoft»:

Visual Basic Pack for Visual Studio 2005 SDKVisual Basic Pack for Visual Studio 2005 SDK
Visual Basic Pack for Visual Studio 2005 SDK is the Visual Basic Pack for VS SDK 2005 V4 targeting VS 2005. It contains Visual Basic samples and wizards for creating VSIP packages using VB. These samples are the migrated CSharp samples that were shipped wi
SharePoint Portal Server 2003: IntelliSense XML FilesSharePoint Portal Server 2003: IntelliSense XML Files
This download includes updates of the XML files used to produce IntelliSense information about the Microsoft Office SharePoint Portal Server and Microsoft Windows SharePoint Services managed object models within the Microsoft Visual Studio .NET integrated
Windows SDK .NET Framework 3.0 SamplesWindows SDK .NET Framework 3.0 Samples
The Windows SDK samples for .NET Framework 3.0 include samples for .NET Framework 2.0, Windows Communication Foundation, Windows Presentation Foundation, Windows Workflow Foundation, and Cross Technology samples. These samples can be downloaded from here o
Project 2003: Project Guide and Custom ViewsProject 2003: Project Guide and Custom Views
Project 2003: Project Guide and Custom Views includes custom Project Guide and custom view samples related to the Project Guide 101 articles, and the default Project Guide files for Microsoft Office Project 2003. This version is the first release on CNET D
Microsoft Origami Experience PackMicrosoft Origami Experience Pack
Origami Experience Pack contains these three programs for an Ultra-Mobile PC (UMPC) running Windows Vista. Access your music, videos, pictures, and favorite programs. Play this popular game using a touch screen. Easily view and interact with the touch scre
Windows 2000 IIS5 Security Patch: Web Server File Request Parsing VulnerabilityWindows 2000 IIS5 Security Patch: Web Server File Request Parsing Vulnerability
Microsoft has released an updated patch dated 11-30-00 that eliminates a serious security vulnerability in Microsoft Internet Information Services 5.0. The vulnerability could enable a malicious user to run operating system commands on an affected Web serv
Reference Architecture for Commerce V2Reference Architecture for Commerce V2
Reference Architecture for Commerce V2 is a document provides a brief overview of the Microsoft Reference Architecture for Commerce, which consists of code and documentation designed to accelerate the development of e-commerce solutions for medium to large
TripPlannerSourceTripPlannerSource
The TripPlannerSource.exe download includes all the files that make up the eMbedded Visual Tools C++ Project, including commented source code and bitmaps. This version is the first release on CNET Download.com.What is new in this release:This version is th
Commerce Server 2000 Service Pack 3 Debug SymbolsCommerce Server 2000 Service Pack 3 Debug Symbols
To help with debugging any problems that you may run into with Commerce Server 2000 Service Pack 3, we have made the symbols available to you. This version is the first release on CNET Download.com.What is new in this release:This version is the first rele
Agent 2.0 Character: Merlin Character FileAgent 2.0 Character: Merlin Character File
Microsoft Agent 2.0 character data file (.acs format) for Merlin. Microsoft Agent is a software technology that enables an enriched form of user interaction that can make using and learning to use a computer easier and more natural. This version is the fir

» show all

 
Similar Applications:

MZ Easy DataBase SchemaMZ Easy DataBase Schema
For each one who wants to create a database or modify the schema of the database, it was always been a difficult job to do. Even more when you want to create or make data transfer code in each programming language. Also when you don't have the SQL install
myLittleBackup for MS SQL ServermyLittleBackup for MS SQL Server
myLittleBackup for SQL Server is the first Backup/Restore solution specially designed for shared SQL Server hosting. With myLittleBackup, shared SQL Server hosting companies are now able to give their customers an easy and secure solution to backup/restore
OpenLink Data Access ODBC Lite (DB/2)OpenLink Data Access ODBC Lite (DB/2)
OpenLink Universal Data Access ODBC Lite Drivers. High-Performance 32-Bit ODBC Drivers that provide transparent access to remote databases from any ODBC compliant application. Desktop Productivity Tools, such as Spreadsheets, Word Processors, Presentation
Help Generator for Microsoft AccessHelp Generator for Microsoft Access
Use Help Generator to create help and documentation integrated with your Microsoft Access applications easy and fast. Features HTML page and image generation, table of contents, index and search, and images with hotspots. The WYSIWYG wizard lets you set ma
SmartDBSmartDB
It is a pioneering C++ Software/ Application development toolkit which lets you rapidly and efficiently develop, industrial strength, data intensive, Business/ ERP/ Database applications. It contains specialized IDE & debugger, database, spreadsheet.What i
DBeaver (32-Bit)DBeaver (32-Bit)
DBeaver (32-Bit) is universal database tool for developers and database administrators. Usability is the main goal of this project, program UI is carefully designed and implemented. It is multiplatform, based on open source framework and allows writing var
OraDeveloper Tools for DelphiOraDeveloper Tools for Delphi
Powerful Delphi add-in designed to automate and simplify the process of developing applications with Oracle. OraDeveloper Tools integrates into Delphi and lets you quickly browse, query, and update Oracle databases directly from Borland Development Studio.
DiffSchemaDiffSchema
DiffSchema generates a list of differences between multiple SQL databases. It works with SQL Server 7/2000/2005/2008. DiffSchema analyses Tables, Views, Stored Procedures and Functions. It can alert you by email and can be scheduled. Diffschema is free and
Export Table to SQL for Oracle ProfessionalExport Table to SQL for Oracle Professional
Export Table to SQL script for Oracle helps to save table's data as a set of INSERT SQL statements and optional CREATE TABLE statement. Predefined or custom separators like ';' and a few export options make this tool flexible. The program has easy to learn
EboBarEboBar
EboBar lets you launch all your applications and documents by just pressing a few keys. No pre-assignment of shortcuts necessary, EBoBar figures out what you want to start using a nifty search algorithm. Works for applications, documents, Web site shortcut
 

Supported Operating Systems:
Windows 2000 | 
 

Comments on Microsoft Security Bulletin MS02-039:

Comments not found

Name:


Comment:


Enter text from image below:

Turn on images!

 
 
 

Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10

© Pantich 2016 all rights reserved