Vulnerability Bulletins |
Múltiples vulnerabilidades en Microsoft SQL Server |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Aumento de privilegios |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | Microsoft |
| Affected software |
Microsoft SQL Server 7.0 Microsoft Data Engine (MSDE) 1.0 Microsoft SQL Server 2000 Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Microsoft SQL Server 2000 Desktop Engine (Windows) |
Description |
|
|
Se han descubierto múltiples vulnerabilidades en la característica "named pipes" de Windows 2000, que si son explotadas pueden permitir una escalada de privilegios en el sistema vulnerable o causar una denegación de servicio. Estas vulnerabilidades son: -Secuestro de "named pipes" -Denegación de servicio en las "named pipes" -Desbordamiento de búfer en SQL server |
|
Solution |
|
|
Actualización de software Microsoft SQL Microsoft SQL Server 7.0 http://microsoft.com/downloads/details.aspx?FamilyId=FE5B0892-A5C9-44C2-9B42-0D291E9C1636 Microsoft SQL 2000 32-bit Edition http://microsoft.com/downloads/details.aspx?FamilyId=9814AE9D-BD44-40C5-ADD3-B8C99618E68D Microsoft SQL 2000 64-bit Edition http://microsoft.com/downloads/details.aspx?FamilyId=72336508-057A-4E86-8F2E-CB1BD3A6A44B |
|
Standar resources |
|
| Property | Value |
| CVE |
CAN-2003-0230 CAN-2003-0231 CAN-2003-0232 |
| BID | |
Other resources |
|
|
Microsoft Security Bulletin MS03-031 http://www.microsoft.com/technet/security/bulletin/MS03-031.mspx Microsoft Knowledge Database article 815495: http://support.microsoft.com/?kbid=815495 Microsoft Knowledge Base article Q821546: http://support.microsoft.com/?kbid=821546 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2003-07-28 |