Microsoft Security Bulletin MS02-039 for Windows Free Download in Database Software Tag

     
Tags
Developer Tools  Privacy Software & Access control  Audio Software  Internet Software  Business & Office Software  Digital Photo Software  Graphic Design Software  Wireless Networking Software  Communication Software  Drivers  Video Players  Disk & File Software  Networking Software  Games  CAD Software  System Utilities  Database Management Software  Video Software  3D Modeling Software  Security Software  Educational & Science Software 
Search by Category
Audio Software
Browsers
Business & Office Software
CD & DVD Software
Communication Software
Desktop Enhancements
Developer Tools
.NET
ActiveX
Basic, VB, VB .Net
Bug Tracking Software
C, C++, C#
Code Editors
Components & Libraries
Database Management Software
Database Software
Debugging Software
Developer Tutorials
IDE Software & SDK
Installers
Interpreters & Compilers
Java Software
Localization & Internationalization Software
Programming Software
Quality Assurance and Testing Software
Digital Photo Software
Disk & File Software
Drivers
Educational & Science Software
Entertainment & Hobby Software
Games
Graphic Design Software
Home & Family Software
Internet Software
iTunes & iPod Software
Networking Software
Productivity Software
Screensavers
Security Software
System Utilities
Travel & Navigation Software
Video Software
Web Development Software
     




 
 
Microsoft Security Bulletin MS02-039

Microsoft Security Bulletin MS02-039
Version: Q323875
Platforms: Windows

Categories: Developer Tools
Upload Date: 29 Oct 15
Developer: Microsoft
Distribution Type: Freeware
Downloads: 0
File Size: 163 Kb
Free Download Microsoft Security Bulletin MS02-039 

Rating: 0.0/5 (Total votes: 0)


 

SQL Server 2000 introduces the ability to host multiple instances of SQL Server on a single physical machine. Each instance operates for all intents and purposes as though it was a separate server. However, the multiple instances cannot all use the standard SQL Server session port (TCP 1433). While the default instance listens on TCP port 1433, named instances listen on any port assigned to them. The SQL Server Resolution Service, which operates on UDP port 1434, provides a way for clients to query for the appropriate network endpoints to use for a particular SQL Server instance. There are three security vulnerabilities here. The first two are buffer overruns. By sending a carefully crafted packet to the Resolution Service, an attacker could cause portions of system memory (the heap in one case, the stack in the other) to be overwritten. Overwriting it with random data would likely result in the failure of the SQL Server service; overwriting it with carefully selected data could allow the attacker to run code in the security context of the SQL Server service. The third vulnerability is a denial of service vulnerability. SQL uses a keep-alive mechanism to distinguish between active and passive instances. It is possible to create a keep-alive packet that, when sent to the Resolution Service, will cause SQL Server 2000 to respond with the same information. An attacker who created such a packet, spoofed the source address so that it appeared to come from a one SQL Server 2000 system, and sent it to a neighboring SQL Server 2000 system could cause the two systems to enter a never-ending cycle of keep-alive packet exchanges. This would consume resources on both systems, slowing performance considerably. Mitigating factors: Buffer Overruns in SQL Server Resolution Service:

  • SQL Server 2000 runs in a security context chosen by the administrator at installation time. By default, it runs as a Domain User. Thus, although the attacker's code could take any desired action on the database, it would not necessarily have significant privileges at the operating system level if best practices have been followed.
  • The risk posed by the vulnerability could be mitigated by, if feasible, blocking port 1434 at the firewall.

Denial of Service via SQL Server Resolution Service:

  • An attack could be broken off by restarting the SQL Server 2000 service on either of the affected systems. Normal processing on both systems would resume once the attack ceased.
  • The vulnerability provides no way to gain any privileges on the system. It is a denial of service vulnerability only.

Requirements:

 

  • Windows 2000

 

 
Like it? Share with your friends!   
 

Other Windows Software of Developer «Microsoft»:

.NET Compact Framework Sample: Signature Capture.NET Compact Framework Sample: Signature Capture
The sample application includes a client that runs on the Pocket PC that sends signature data over TCP sockets to a server that is running on the desktop. Data is encrypted and decrypted using the cryptography services. This version is the first release on
Speech Software Development Kit 5.1Speech Software Development Kit 5.1
The Microsoft Speech SDK 5.1 adds Automation support to the features of the previous version of the Speech SDK. You can now use the Win32 Speech API (SAPI) to develop speech applications with Visual Basic , ECMAScript and other Automation languages. The SD
Microsoft Excel 2002 for Windows Macro Modification Security Vulnerability PatchMicrosoft Excel 2002 for Windows Macro Modification Security Vulnerability Patch
Excel and PowerPoint have a macro security framework that controls the execution of macros and prevents macros from running automatically. Under this framework, any time a user opens a document the document is scanned for the presence of macros. If a docum
MSDE Web Resource Kit - C# and .NET SDK VersionMSDE Web Resource Kit - C# and .NET SDK Version
MSDE Web Resource Kit - C# and .NET SDK Version code sample illustrates how to use MSDE (Microsoft SQL Server 2000 Desktop Engine) as the back end for an ASP.NET Web application. This version is implemented in C# using the .NET SDK. This version is the fir
Microsoft Excel 97 XLM Macro SecurityMicrosoft Excel 97 XLM Macro Security
When an XLM macro sheet is saved as a text file and the text file is then opened into Excel, users may not receive the usual macro warning dialog box. This vulnerability could allow malicious code stored within the XLM macro sheet to perform harmful acts,
Microsoft Dynamics CRM 3.0 Performance and Stress Testing ToolkitMicrosoft Dynamics CRM 3.0 Performance and Stress Testing Toolkit
The Microsoft Dynamics CRM 3.0 Performance and Stress Testing Toolkit is a tool that was created by the Microsoft CRM product team to formalize performance testing of Microsoft CRM 3.0. This toolkit facilitates load testing for particular customer scenario
Code Sample: Session Sharing Between Classic ASP and ASP.NETCode Sample: Session Sharing Between Classic ASP and ASP.NET
This download contains sample code that illustrates how to share a session between classic ASP and ASP.NET. This version is the first release on CNET Download.com.What is new in this release:This version is the first release on CNET Download.com.Requiremen
Microsoft XNA Game Studio 3.0Microsoft XNA Game Studio 3.0
Microsoft XNA Game Studio 3.0 enables hobbyists, academics, and independent game developers to easily create video games for Windows and the Microsoft Zune digital media player by using optimized cross-platform gaming libraries based on the .NET Framework.
Microsoft Office 2000 Service Pack 2Microsoft Office 2000 Service Pack 2
Office 2000 SP-2 provides the latest product updates to Office 2000 Service Release 1 (SR-1). Office 2000 SP-2 is particularly useful to corporate customers, and can also be installed by small business or individual users.What is new in this release: Outlo
Windows NT NTLMSSP Privilege Elevation Vulnerability PatchWindows NT NTLMSSP Privilege Elevation Vulnerability Patch
The NTLM Security Support Provider (NTLMSSP) service in Windows NT 4.0 is responsible for handling NTLM authentication requests, and runs by default on all Windows NT 4.0 systems. A flaw in the service's implementation could allow a service request from an

» show all

 
Similar Applications:

Village Tracker for ArtVillage Tracker for Art
Village Tracker for Art is a complete windows inventory system that will help you get you organized fast. The software is for all types of art work including sculptures, ceramic pottery, paintings, ancient Egyptian art, Greek, and Roman replicas, oriental
Oracle ADO Easy BrowseOracle ADO Easy Browse
Easily browse an Oracle Database This nice tool searches Tables in your Oracle Database. If you are Admin, it refers to DBA_TABLES, and you can also browse Schema DB. If not, it searches Tables with ADO Schema. It builds a list of the Tables. Choose one, a
Office Hero - Recover Access PasswordsOffice Hero - Recover Access Passwords
Office Hero Recover Access Passwords uses advanced detections methods to recover lost passwords for microsoft access database files (mdb). You only need to select a database file and click Recover! - Nothing could be easier. R.A.P scans your database file
Navicat Essentials for MariaDB (64 bit)Navicat Essentials for MariaDB (64 bit)
Navicat for MariaDB provides a native environment for MariaDB database management and administration. It works with any MariaDB database servers from version 5.1 or above, and supports all MySQL objects types. You can visually design database structures, e
DBGetDBGet
DBGet is a light-weight yet powerful database Schema Browser and SQL Editor for Sybase, Oracle, SQL Server & IBM DB2 databases. Users will be able to access useful tools such as 1) Database search 2) Data transfer / Dictionary 3) Schema / XeL Compare 4) Pr
Visual Basic 2005 Database ProjectsVisual Basic 2005 Database Projects
VISUAL BASIC 2005 DATABASE PROJECTS contains three different programs for your use. The programs illustrate advanced uses of Visual Basic with databases. Topics covered include using data connection and data set objects, data bound controls, adding, editin
Database Design Studio LiteDatabase Design Studio Lite
DDS-Lite is software for the modeling and forward engineering of relational databases. Enhanced Entity Relationship Diagram modeling allows you to design a fully relational database, complete with Cascading Referential Integrity Constraints, indexes, chec
Devart ODBC Driver for SQL ServerDevart ODBC Driver for SQL Server
Devart ODBC Driver for SQL Server provides high-performance and feature-rich connectivity solution for ODBC-based applications to access SQL Server databases from Windows, both 32-bit and 64-bit. Full support for standard ODBC API functions and data types
DataXplorerDataXplorer
Data Xplorer is database browser, available as a desktop application and can be used as a data navigator for several well-known database types such as Oracle, MS SQL Server, MySQL, dbf, Paradox, DB2, Informix, and others. Data Xplorer is a professional too
idb2MySQLidb2MySQL
idb2MySQL copies tables and views from source DB to MySQL. ADO is used to connect to source. Import creates SQL-script, which will be sent to PHP-script of web-server. PHP-script loads SQL into MySQL. All application settings, including table list, are sto
 

Supported Operating Systems:
Windows 2000 | 
 

Comments on Microsoft Security Bulletin MS02-039:

Comments not found

Name:


Comment:


Enter text from image below:

Turn on images!

 
 
 

Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10

© Pantich 2016 all rights reserved