Microsoft Security Bulletin MS02-038

Naviga SWZ: Home Page » News
News del 25 Luglio 02 Autore: Steve3000
Cumulative Patch for SQL Server 2000 Service Pack 2 (Q316333)Titolo: Cumulative Patch for SQL Server 2000 Service Pack 2 (Q316333) Data: 24 July 2002 Software: Microsoft SQL Server 2000, Microsoft Desktop Engine (MSDE) 2000 Impatto: Two vulnerabilities, both of which could enable an attacker to run code on the server. Rischio: Moderate Bollettino: MS02-038Issue: ====== This patch eliminates two newly discovered vulnerabilities affecting SQL Server 2000 and MSDE 2000: - A buffer overrun vulnerability that occurs in several Database Consistency Checkers (DBCCs) that ship as part of SQL Server 2000. DBCCs are command console utilities that allow maintenance and other operations to be performed on a SQL Server. While many of these are executable only by sysadmin, some are executable by members of the db_owner and db_ddladmin roles as well. In the most serious case, exploiting this vulnerability would enable an attacker to run code in the context of the SQL Server service, thereby giving the attacker complete control over all databases on the server. - A SQL injection vulnerability that occurs in two stored procedures used in database replication. One of these can only be run by users who have been assigned the db_owner role; the other, due to a permissions error, could be run by any user who could log onto the server interactively. Exploiting the vulnerability could enable an attacker to run operating system commands on the server, but is subject to significant mitigating factors as discussed below. ------------------------------ Altro bollettino per gli utenti avanzati di Windows. In particolare in questo bollettino si prevengono due possibilità di esecuzioni di codice pericoloso su SQL Server 2000. Click su INFO per il bollettino. Queta patch è da installarsi su SQL Server 2000 con SP2. Scarica la patch localizzata in italiano. Italian: Download 8.00.0655_ita.exe nowNB: - Curiosità - Nel bollettino di questa patch vengono fatti i ringraziamenti ad una persona che pare aver scoperto e lavorato su questi due buchi, ma non facente parte del Team Microsoft.AcknowledgmentsMicrosoft thanks Cesar Cerrudo for reporting this issue to us and working with us to protect customers.
Inserisci un commento sul forum Commenta la News sul Forum

Voto:

Categoria: Sicurezza

La Community di SWZone.it

La community con le risposte che cerchi ! Partecipa é gratis !
Iscrizione ForumIscriviti al Forum

Newsletter

Vuoi ricevere tutti gli aggiornamenti di SWZone direttamente via mail ?
Iscrizione NewsletterIscriviti alla Newsletter

News Collegate