SQL Server 2000 introduces the ability to host multiple instances of SQL Server on a single physical machine. Each instance operates for all intents and purposes as though it was a separate server. However, the multiple instances cannot all use the standard SQL Server session port (TCP 1433). While the default instance listens on TCP port 1433, named instances listen on any port assigned to them. The SQL Server Resolution Service, which operates on UDP port 1434, provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance. There are three security vulnerabilities here. The first two are buffer overruns. By sending a carefully crafted packet to the Resolution Service, an attacker could cause portions of system memory (the heap in one case, the stack in the other) to be overwritten. Overwriting it with random data would likely result in the failure of the SQL Server service; overwriting it with carefully selected data could allow the attacker to run code in the security context of the SQL Server service. The third vulnerability is a denial of service vulnerability. SQL uses a keep-alive mechanism to distinguish between active and passive instances. It is possible to create a keep-alive packet that, when sent to the Resolution Service, will cause SQL Server 2000 to respond with the same information. An attacker who created such a packet, spoofed the source address so that it appeared to come from a one SQL Server 2000 system, and sent it to a neighboring SQL Server 2000 system could cause the two systems to enter a never-ending cycle of keep-alive packet exchanges. This would consume resources on both systems, slowing performance considerably. Mitigating factors: Buffer Overruns in SQL Server Resolution Service:
SQL Server 2000 runs in a security context chosen by the administrator at installation time. By default, it runs as a Domain User. Thus, although the attacker's code could take any desired action on the database, it would not necessarily have significant privileges at the operating system level if best practices have been followed.
The risk posed by the vulnerability could be mitigated by, if feasible, blocking port 1434 at the firewall.
Denial of Service via SQL Server Resolution Service:
An attack could be broken off by restarting the SQL Server 2000 service on either of the affected systems. Normal processing on both systems would resume once the attack ceased.
The vulnerability provides no way to gain any privileges on the system. It is a denial of service vulnerability only.
Like it? Share with your friends!
Other Windows Software of Developer «Microsoft»:
.NET Compact Framework Sample: Signature Capture The sample application includes a client that runs on the Pocket PC that sends signature data over TCP sockets to a server that is running on the desktop. Data is encrypted and decrypted using the cryptography services. This version is the first release on
Speech Software Development Kit 5.1 The Microsoft Speech SDK 5.1 adds Automation support to the features of the previous version of the Speech SDK. You can now use the Win32 Speech API (SAPI) to develop speech applications with Visual Basic , ECMAScript and other Automation languages. The SD
MSDE Web Resource Kit - C# and .NET SDK Version MSDE Web Resource Kit - C# and .NET SDK Version code sample illustrates how to use MSDE (Microsoft SQL Server 2000 Desktop Engine) as the back end for an ASP.NET Web application. This version is implemented in C# using the .NET SDK. This version is the fir
Microsoft Excel 97 XLM Macro Security When an XLM macro sheet is saved as a text file and the text file is then opened into Excel, users may not receive the usual macro warning dialog box. This vulnerability could allow malicious code stored within the XLM macro sheet to perform harmful acts,
Code Sample: Session Sharing Between Classic ASP and ASP.NET This download contains sample code that illustrates how to share a session between classic ASP and ASP.NET. This version is the first release on CNET Download.com.What is new in this release:This version is the first release on CNET Download.com.Requiremen
Microsoft XNA Game Studio 3.0 Microsoft XNA Game Studio 3.0 enables hobbyists, academics, and independent game developers to easily create video games for Windows and the Microsoft Zune digital media player by using optimized cross-platform gaming libraries based on the .NET Framework.
Microsoft Office 2000 Service Pack 2 Office 2000 SP-2 provides the latest product updates to Office 2000 Service Release 1 (SR-1). Office 2000 SP-2 is particularly useful to corporate customers, and can also be installed by small business or individual users.What is new in this release: Outlo
Windows NT NTLMSSP Privilege Elevation Vulnerability Patch The NTLM Security Support Provider (NTLMSSP) service in Windows NT 4.0 is responsible for handling NTLM authentication requests, and runs by default on all Windows NT 4.0 systems. A flaw in the service's implementation could allow a service request from an
Village Tracker for Art Village Tracker for Art is a complete windows inventory system that will help you get you organized fast. The software is for all types of art work including sculptures, ceramic pottery, paintings, ancient Egyptian art, Greek, and Roman replicas, oriental
Oracle ADO Easy Browse Easily browse an Oracle Database This nice tool searches Tables in your Oracle Database. If you are Admin, it refers to DBA_TABLES, and you can also browse Schema DB. If not, it searches Tables with ADO Schema. It builds a list of the Tables. Choose one, a
Office Hero - Recover Access Passwords Office Hero Recover Access Passwords uses advanced detections methods to recover lost passwords for microsoft access database files (mdb). You only need to select a database file and click Recover! - Nothing could be easier. R.A.P scans your database file
Navicat Essentials for MariaDB (64 bit) Navicat for MariaDB provides a native environment for MariaDB database management and administration. It works with any MariaDB database servers from version 5.1 or above, and supports all MySQL objects types. You can visually design database structures, e
DBGet DBGet is a light-weight yet powerful database Schema Browser and SQL Editor for Sybase, Oracle, SQL Server & IBM DB2 databases. Users will be able to access useful tools such as 1) Database search 2) Data transfer / Dictionary 3) Schema / XeL Compare 4) Pr
Visual Basic 2005 Database Projects VISUAL BASIC 2005 DATABASE PROJECTS contains three different programs for your use. The programs illustrate advanced uses of Visual Basic with databases. Topics covered include using data connection and data set objects, data bound controls, adding, editin
Database Design Studio Lite DDS-Lite is software for the modeling and forward engineering of relational databases. Enhanced Entity Relationship Diagram modeling allows you to design a fully relational database, complete with Cascading Referential Integrity Constraints, indexes, chec
Devart ODBC Driver for SQL Server Devart ODBC Driver for SQL Server provides high-performance and feature-rich connectivity solution for ODBC-based applications to access SQL Server databases from Windows, both 32-bit and 64-bit. Full support for standard ODBC API functions and data types
DataXplorer Data Xplorer is database browser, available as a desktop application and can be used as a data navigator for several well-known database types such as Oracle, MS SQL Server, MySQL, dbf, Paradox, DB2, Informix, and others. Data Xplorer is a professional too
idb2MySQL idb2MySQL copies tables and views from source DB to MySQL. ADO is used to connect to source. Import creates SQL-script, which will be sent to PHP-script of web-server. PHP-script loads SQL into MySQL. All application settings, including table list, are sto
Supported Operating Systems:
Windows 2000 |
Comments on Microsoft Security Bulletin MS02-039:
Comments not found
Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10