More tales of poorly written OS code.
Walter
-----------------------------------------------------------------------
June 14, 2002
Flaw Puts SQL Servers at Risk
By Dennis Fisher
A Russian security researcher claims he has discovered a flaw in
Microsoft Corp.'s SQL Server 2000 which gives an attacker the ability to
either crash the server or execute malicious code on the machine.
Microsoft is aware of the advisory and is investigating the issue, the
company said.
The vulnerability is in the "pwdencrypt" hashing function, which is
included with SQL. A buffer overrun flaw in this function enables an
attacker to overwrite a portion of the heap memory, which could either
result in the SQL Server application crashing or the attacker being able
to execute code on the machine.
The researcher, Martin Rakhmanoff, posted his advisory to the Bugtraq
security mailing list, along with instructions on how to exploit the
flaw. Rakhmanoff is the author of a freeware Windows password-recovery
tool called BehindTheAsterisks that displays the plain-text instead of
the asterisks in the Windows log-on password field.
A Microsoft spokesman said in a statement that the company is concerned
that Rakhmanoff's bulletin puts users at risk of attack.
"The Microsoft Security Response Center is thoroughly investigating this
issue, just as we do with every report we receive of security
vulnerabilities affecting Microsoft products," the statement said.
"At this point in the investigation we feel strongly that speculating on
the issue while the investigation is in progress would be irresponsible
and counterproductive to our goal of protecting our customers'
information. Microsoft is moving forward on the investigation with all
due speed and, when it is completed, we will take the action that best
serves Microsoft's customers.
"We are concerned by the way this report has been handled. Publishing
the report may put computer users at risk--or at the very least could
cause needless confusion and apprehension."
This is the third serious flaw in SQL Server 2000 that's been disclosed
this week. On Wednesday Microsoft issued patches for two problems in the
database software's SQLXML service.
There is an unchecked buffer in an ISAPI extension which could enable an
attacker to run code on the IIS server, as well as a vulnerability in a
function that specifies an XML tag. This second flaw could allow an
attacker to run scripts on the vulnerable machine with escalated
privileges, Microsoft officials said.
--Walter Watts Tulsa Network Solutions, Inc.
"No one gets to see the Wizard! Not nobody! Not no how!"
This archive was generated by hypermail 2b30 : Sun Sep 22 2002 - 05:06:14 MDT