Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vuln.

Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vuln.

by Nikola Strahija on July 13th, 2002 A buffer overflow vulnerability has been reported in SQL Server 2000. The vunerability is a result of an unchecked buffer when using the password encrypt procedure. This procedure is used by administrators to provides support for the storage of SQL Server Authentication credentials..


The overrun condition is due to an unbounded data copy operation that occurs when processing the procedure arguments. Attackers may exploit this vulnerability by invoking the password encrypt procedure with excessive input.

** This BugTraq ID has been reissued as an individual vulnerability. See BID 4847 and BID 5205 for details of the other vulnerabilties.

Remote: Yes

Exploit: No

Solution: Microsoft SQL Server 2000 SP2:

Microsoft Patch Q316333
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&
For Microsoft SQL Server 2000 SP2.

Microsoft Patch Q316333
http://support.microsoft.com/default.aspx?scid=http://download.microsoft.com/download/SQLSVR2000/Update/8.00.0650/W98NT42KMeXP/EN-US/8.00.0650_enu.exe


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »