Re: [Full-Disclosure] FW: VERITAS Software Technical Advisory

From: Stephen Menard (smenard@nbnet.nb.ca)
Date: 01/29/03

Next message: KF: "Re: RE : [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"

Previous message: Tina Bird: "RE: [Full-Disclosure] FW: VERITAS Software Technical Advisory"
In reply to: Richard M. Smith: "RE: [Full-Disclosure] FW: VERITAS Software Technical Advisory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Stephen Menard" <smenard@nbnet.nb.ca>
To: "Richard M. Smith" <rms@computerbytesman.com>, <full-disclosure@lists.netsys.com>
Date: Tue, 28 Jan 2003 21:08:31 -0400

Two lists and location from which the info was taken Below:
smenard
-----------------------------
<http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=10&tabid=13>

SQL Server/MSDE-Based Applications
ProductNameVendorNameVendorWebSiteSQLVersionDateSubmitted

Adonis aaaa SICM Technologies www.carl-mercier.com SQL 2000/MSDE 2000
1/27/2003 10:38:46 PM
Affymetrix Microarrray Affymetrix
http://www.affymetrix.com/products/index.affx SQL 7/MSDE 1.0 1/27/2003
5:06:20 PM
Altiris Deployment Server Altiris http://www.altiris.com SQL 7/MSDE 1.0
1/28/2003 8:53:30 AM
Altris/Spescom Deployment Server Altris http://www.altris.com Unknown
1/27/2003 3:35:17 PM
ARCserveIT (MSSQL is optional) Computer Associates International, Inc.
ca.com Unknown 1/27/2003 3:58:26 PM
AscentCapture 5.51 Kofax http://www.kofax.com/products/ascent/capture/
Unknown 1/27/2003 3:35:17 PM
ASP.NET Web Matrix Tool Microsoft SQL 2000/MSDE 2000 1/27/2003 3:35:17
PM
ASSET v1.01 - NIST Unknown 1/27/2003 3:35:17 PM
Backup Exec ver 9.0 Veritas http://www.veritas.com/ SQL 2000/MSDE 2000
1/27/2003 3:35:17 PM
BioLink ver 1.5 CSIRO http://www.biolink.csiro.au/ SQL 2000/MSDE 2000
1/28/2003 1:27:07 PM
Biztalk Server 2002 Partner Edition Microsoft
http://www.microsoft.com/biztalk/ SQL 2000/MSDE 2000 1/27/2003 3:35:17 PM
BlackBerry Enterprise Server Research In Motion http://www.blackberry.com/
SQL 7/MSDE 1.0 1/27/2003 3:35:17 PM
Blackboard Transaction System Blackboard
http://products.blackboard.com/ca/index.cgi Unknown 1/27/2003 3:35:17 PM
bv-control and bv-admin products BINDVIEW www.bindview.com SQL 2000/MSDE
2000 1/28/2003 9:06:28 AM
Centennial Discovery Centennial UK Ltd http://www.centennial.co.uk SQL
7/MSDE 1.0 1/27/2003 3:35:17 PM
Centreware web Xerox www.xerox.com SQL 2000/MSDE 2000 1/28/2003 9:04:15
AM
Chaperon 2000 Unknown 1/27/2003 3:35:17 PM
Chubb security system Chubb Unknown 1/27/2003 3:35:17 PM
Cisco Building Broadband Service Manager 5.0, 5.1 Cisco Unknown
1/27/2003 3:35:17 PM
Cisco CallManager 3.3(x) Cisco Unknown 1/27/2003 3:35:17 PM
Cisco E-Mail Manager (CeM) Cisco Unknown 1/27/2003 3:35:17 PM
Cisco Intelligent Contact Management (ICM) 5.0 Cisco Unknown 1/27/2003
3:35:17 PM
Cisco Unity 3.x, 4.x Cisco Unknown 1/27/2003 3:35:17 PM
Citrix Nfuse Elite Citrix Unknown 1/27/2003 3:35:17 PM
CommVault Galaxy SQL 2000/MSDE 2000 1/27/2003 5:01:15 PM
Compaq Insight Manager Compaq Unknown 1/27/2003 3:35:17 PM
Compaq Insight Manager v7 Compaq For MSDE versions: USE 'Command Line'
"osql -U <User Name> -E" THEN 1> select @@version 2> GO SQL 7/MSDE 1.0
1/27/2003 3:35:17 PM
ControlCenter ST PowerQuest SQL 7/MSDE 1.0 1/27/2003 3:35:17 PM
Crystal Reports Enterprise 8.5 Crystal Decisions
http://www.crystaldecisions.com Unknown 1/27/2003 3:35:17 PM
Dell OpenManage IT Assistant Dell Computer Corporation www.dell.com SQL
2000/MSDE 2000 1/28/2003 9:49:51 AM
Directory Sizer (franzo.com) Unknown 1/27/2003 3:35:17 PM
EdWeb http://www.tierrasoftware.com Unknown 1/27/2003 3:35:17 PM
Elron IM Web Inspector Internet Filtering Software Unknown 1/27/2003
3:35:17 PM
ePolicy Orchestrator McAfee http://www.mcafeeb2b.com/products/epolicy/
SQL 7/MSDE 1.0 1/27/2003 3:35:17 PM
Exchange Migrator NetIQ Unknown 1/27/2003 5:00:05 PM
Exec View 3.0 Veritas www.veritas.com Unknown 1/27/2003 7:08:50 PM
ExecView v3.x for Backup Exec Veritas Unknown 1/27/2003 5:00:37 PM
Express Metrix Express Metrix www.expressmetrix.com SQL 2000/MSDE 2000
1/28/2003 11:24:26 AM
Firehouse Software Visionary Systems www.firehousesoftware.com SQL
2000/MSDE 2000 1/28/2003 12:35:22 PM
FlipFactory TeleStream http://www.telestream.net/ SQL 2000/MSDE 2000
1/27/2003 3:35:17 PM
GFI S.E.L.M GFI http://www.gfi.com/lanselm/ Unknown 1/27/2003 3:35:17
PM
Goffsoft Optimizer Goffsoft.com http://www.goffsoft.com SQL 2000/MSDE
2000 1/27/2003 5:17:20 PM
Great Plains financial software Microsoft http://www.microsoft.com SQL
2000/MSDE 2000 1/27/2003 3:35:17 PM
Hailstorm http://www.cenzic.com Unknown 1/27/2003 3:35:17 PM
Helpdesk Infra Unknown 1/27/2003 5:18:14 PM
HelpMaster Pro Unknown 1/27/2003 3:35:17 PM
Helpstar (Helpdesk) Unknown 1/27/2003 3:35:17 PM
HP Open SAN Manager V1.0C (Management Appliance) Hewlett-Packard
www.hp.com (search for SSRT2271 in the small search window) released August
2002 Unknown 1/28/2003 7:18:54 PM
HP Openview Internet Services HP www.openview.hp.com SQL 2000/MSDE 2000
1/27/2003 3:35:17 PM
HP Openview Operations for Windows HP www.openview.hp.com SQL 2000/MSDE
2000 1/27/2003 3:35:17 PM
HP OpenView Reporter HP www.openview.hp.com SQL 2000/MSDE 2000
1/28/2003 1:03:45 PM
HP OpenView Service Desk Hewlett-Packard http://www.openview.hp.com/ SQL
2000/MSDE 2000 1/28/2003 6:59:17 PM
http://www.realestate.intuit.com/ Unknown 1/27/2003 3:35:17 PM
Infortel for Windows ISI http://www.isi-info.com/ SQL 2000/MSDE 2000
1/27/2003 5:10:26 PM
Insider Reporting Module CCH EQUITY Compliance
http://www.cchequityeaseplus.com/ SQL 2000/MSDE 2000 1/28/2003 2:15:46 PM
InTouch (7.11 and above) Wonderware http://www.wonderware.com SQL
2000/MSDE 2000 1/28/2003 12:11:33 AM
IRIMS PPM 2000 http://www.ppm2000.com/ SQL 7/MSDE 1.0 1/28/2003 1:47:25
PM
ISS RealSecure Internet Security Systems Unknown 1/27/2003 3:35:17 PM
ISS System Scanner Internet Security Systems Unknown 1/27/2003
3:35:17 PM
Journyx Time*** Journyx http://www.journyx.com SQL 2000/MSDE 2000
1/28/2003 10:19:07 AM
LanDesk Intel www.intel.com Unknown 1/27/2003 5:17:44 PM
LANDesk Management Suite Unknown 1/27/2003 5:09:40 PM
Lyris Listmanager Lyris Unknown 1/27/2003 3:35:17 PM
Mail Max 5 Smartmax www.smartmax.com SQL 2000/MSDE 2000 1/27/2003
6:29:12 PM
Marshal Software MailMarshal Marshal Software Unknown 1/27/2003
3:35:17 PM
Marshal Software WebMarshal Marshal Software Unknown 1/27/2003 3:35:17
PM
McAfee ePolicy Orchestrator McAfee
http://www.mcafeeb2b.com/products/epolicy/ SQL 7/MSDE 1.0 1/27/2003
3:35:17 PM
Meeting Maker Plus Certain Software Unknown 1/27/2003 5:12:28 PM
Megatrack from BLUEMEGA BLUEMEGA Unknown 1/27/2003 3:35:17 PM
MEMO Integrator Nexus www.nexus.se SQL 2000/MSDE 2000 1/28/2003 3:18:24
AM
Microsoft .NET Framework SDK Microsoft SQL 2000/MSDE 2000 1/27/2003
3:35:17 PM
Microsoft Age of Mythology (??) Microsoft
http://www.microsoft.com/games/ageofmythology/ Unknown 1/27/2003 3:35:17
PM
Microsoft Application Center Server (custom MSDE) Microsoft
http://support.microsoft.com/default.aspx?scid=kb;en-us;813115 SQL
2000/MSDE 2000 1/27/2003 3:35:17 PM
Microsoft Explore Microsoft www.tumbleweed.com SQL 7/MSDE 1.0 1/27/2003
3:35:17 PM
Microsoft Frontpage 2002 Server Extensions Microsoft SQL 2000/MSDE 2000
1/27/2003 5:04:00 PM
Microsoft MSDN Universal and Enterprise Edition Microsoft Unknown
1/27/2003 3:35:17 PM
Microsoft Office 2000/XP Microsoft SQL 2000/MSDE 2000 1/27/2003
3:35:17 PM
Microsoft Office XP Developer Edition2 Microsoft SQL 2000/MSDE 2000
1/27/2003 3:35:17 PM
Microsoft Operations Manager (MOM) 2000 Microsoft Unknown 1/27/2003
5:11:56 PM
Microsoft Project Microsoft Unknown 1/27/2003 3:35:17 PM
Microsoft SharePoint Portal Server Microsoft SQL 2000/MSDE 2000
1/27/2003 3:35:17 PM
Microsoft SharePoint Team Services Microsoft
http://www.microsoft.com/sharepoint SQL 7/MSDE 1.0 1/27/2003 11:37:01 PM
Microsoft Small Business Manager (Great Plains) Microsoft Great Plains
www.microsoft.com/sbm SQL 2000/MSDE 2000 1/27/2003 10:06:09 PM
Microsoft Small Business Server 2000 Microsoft Unknown 1/27/2003
3:35:17 PM
Microsoft Visio 2000 Microsoft Unknown 1/27/2003 3:35:17 PM
Microsoft Visual FoxPro 7.0 Microsoft SQL 2000/MSDE 2000 1/27/2003
3:35:17 PM
Microsoft Windows .NET 2003 RC1/2 Microsoft SQL 2000/MSDE 2000
1/27/2003 3:35:17 PM
MIP NonProfit Series Pro MIP (Micro Information Products, Inc) www.mip.com
SQL 2000/MSDE 2000 1/28/2003 1:44:59 PM
MonTel (a PABX admin tool) Unknown 1/27/2003 3:35:17 PM
MS SQL 2000 Microsoft www.microsoft.com SQL 2000/MSDE 2000 1/28/2003
12:06:42 PM
NetSupport TCO NetSupport http://www.netsupport-inc.com SQL 2000/MSDE
2000 1/27/2003 5:08:49 PM
Open Manage IT Assistant Dell Unknown 1/27/2003 3:35:17 PM
Optiview Network Inspector Fluke www.flukenetworks.com SQL 2000/MSDE 2000
1/28/2003 11:17:14 AM
Patchlink Patch Management System Unknown 1/27/2003 3:35:17 PM
PDExpress http://www.lucid-data.com/ Unknown 1/27/2003 3:35:17 PM
Pentasafe's Vegilent Security Console Unknown 1/27/2003 3:35:17 PM
Plus/SQL 2000 Collins Medical, Inc. http://www.collinsmedical.com SQL
2000/MSDE 2000 1/27/2003 8:02:16 PM
POS-partner 2000 Vital Processing Services, LLC
http://www.pos-partner.com/ SQL 7/MSDE 1.0 1/27/2003 6:48:46 PM
PowerQuest Deploy Center 5 PowerQuest Unknown 1/27/2003 3:35:17 PM
Prolog Manager http://www.mps.com/products/PM/index.asp Unknown
1/27/2003 3:35:17 PM
Quest FastLane Reporter Unknown 1/27/2003 3:35:17 PM
Rapport http://www.rapporttechnologies.com/ Unknown 1/27/2003 3:35:17
PM
RedDot Content Management System Unknown 1/27/2003 3:35:17 PM
RedESoft's "Resource Scheduler" http://www.redesoft.com/ Unknown
1/27/2003 3:35:17 PM
SalesLogix http://www.saleslogix.com/ SQL 2000/MSDE 2000 1/27/2003
3:35:17 PM
SalesLogix SalesLogix http://www.saleslogix.com/ SQL 2000/MSDE 2000
1/27/2003 5:48:38 PM
Secure Perfect Casi Rusco
http://www.casi-rusco.com/products/subcat.asp?CAT=1&PROD=4L 2000/MSDE
2000 1/28/2003 1:06:41 PM
SecureScanNX - Vigilante Vigilante http://www.vigilante.com SQL 2000/MSDE
2000 1/27/2003 3:35:17 PM
SiteKeeper Executive Software Unknown 1/27/2003 5:07:20 PM
SmallWonders Enterprise Security Reporter Unknown 1/27/2003 3:35:17
PM
SolarWinds Web Enabled Network Management/ Orion 6 SolarWinds
http://solarwinds.net/Orion/Index.htm Unknown 1/28/2003 2:21:42 AM
SPYRUS Organizational Certificate Authority (OCA) SPYRUS, Inc.
WWW.SPYRUS.COM SQL 7/MSDE 1.0 1/27/2003 3:35:17 PM
SQLWorkbench SQLWorkbench http://www.sqlworkbench.com SQL 2000/MSDE 2000
1/27/2003 5:19:22 PM
StarAdmin http://www.starremote.com Unknown 1/27/2003 3:35:17 PM
Storm Watch Okena www.okena.com SQL 2000/MSDE 2000 1/27/2003 6:24:40 PM
Super Office CRM 5 (and 5.5) SuperOffice http://www.SuperOffice.com
Unknown 1/28/2003 9:04:36 AM
SupportMagic Network Associates www.nai.com SQL 2000/MSDE 2000
1/27/2003 5:01:40 PM
Time Matters DATA.TXT Corporation http://www.timematters.com SQL
2000/MSDE 2000 1/27/2003 3:35:17 PM
Timeslips Peachtree Software http://www.timeslips.com SQL 2000/MSDE 2000
1/27/2003 3:35:17 PM
Tivoli IT Director Tivoli Unknown 1/27/2003 3:35:17 PM
Track-It! Blue Ocean http://www.blueocean.com/enterprise.html Unknown
1/27/2003 3:35:17 PM
Trend Micro Control Manager 2.5 Trend Micro SQL 7/MSDE 1.0 1/27/2003
5:08:06 PM
Trend Micro Damage Cleanup Server 1.0 Trend Micro SQL 7/MSDE 1.0
1/27/2003 3:35:17 PM
Tumbleweed Secure Guardian Tumbleweed Unknown 1/27/2003 3:35:17 PM
Unicenter TNG/TND Computer Associates www.ca.com SQL 2000/MSDE 2000
1/28/2003 11:46:26 AM
Visio 2002 Enterprise Network Tools Microsoft
http://support.microsoft.com/?id=301970 SQL 2000/MSDE 2000 1/27/2003
9:58:33 PM
Visual Studio.NET Microsoft http://msdn.microsoft.com/vstudio/ SQL
2000/MSDE 2000 1/27/2003 3:35:17 PM
Visual Studio.net Microsoft www.microsoft.com SQL 2000/MSDE 2000
1/27/2003 4:57:56 PM
WebBoard Akiva http://www.akiva.com SQL 2000/MSDE 2000 1/27/2003
3:35:17 PM
WebPas VCG Software http://www.vcgsoftware.com/ Unknown 1/28/2003
2:07:23 AM
WebPDM Gerber www.gerbertechnology.com SQL 7/MSDE 1.0 1/28/2003 2:46:28
PM
Websense Unknown 1/27/2003 3:35:17 PM
Win-Pak 2.0 release 3 (rel. 2 is MS Access based) Northern Computers, Inc.
http://www.nciaccessworld.com Unknown 1/28/2003 10:57:43 AM
Windows XP Embedded Microsoft www.microsoft.com SQL 2000/MSDE 2000
1/28/2003 8:48:28 AM

<http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security
/MSDEapps.asp>
UPDATED: January 28, 2003
DATE: January 27, 2003
**********************************************************************
Microsoft products that install MSDE fall into one of three categories:
Products that require an explicit selection to install MSDE:
.NET Framework SDK
ASP.NET Web Matrix
BizTalk� Server 2002 Partner Edition
Host Integration Server 2000
Office XP Premium, Professional, Developer
Project Server 2002
Small Business Server 2000
SQL Server 2000, Enterprise Edition, Developer Edition, Personal Edition
(RTM, SP1, SP2)
Visual FoxPro� 7.0 and 8.0 beta
Visual Studio� Standard, Professional, Academic, Enterprise (.NET release
only - not 6.0)
Windows Enterprise Server 2003 RC1, only if UDDI is enabled
Windows Server 2003 RC1, only if UDDI is enabled
Products that install MSDE by default:
Application Center 2000 RTM, SP1, SP2
Operations Manager 2000 RTM, SP1
SharePointT Team Services 2.0 beta
Products with the updated version of MSDE which includes SP3, and are
therefore are not affected:
Windows Enterprise Server 2003 RC2
Windows Server 2003 RC2
All customers are encouraged to verify that MSDE 2000 is present via the
following steps:
Right-click on the My Computer icon
Select Manage
Double-Click on Services and
Double-Click Services
If MSSQLSERVER is in the list of services, the default instance of MSDE is
installed on the machine. Other instances may exist, if they do they will be
listed as MSSQL$**** (where stars indicate the name of the instance)
Instructions for removing the Slammer Virus from MSDE can be found at:
http://www.microsoft.com/technet/security/virus/alerts/slammer.asp
For the most current information about additional security-related
information about Microsoft products, visit the following Microsoft Web
site:
http://www.microsoft.com/security

----- Original Message -----
From: "Richard M. Smith" <rms@computerbytesman.com>
To: "'Full-Disclosure'" <full-disclosure@lists.netsys.com>
Sent: Tuesday, January 28, 2003 7:54 PM
Subject: RE: [Full-Disclosure] FW: VERITAS Software Technical Advisory

> I was more interested to find out what other applications that Microsoft
> SQL engine is embedded in. Does anyone know of a complete list?
>
> Richard
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: KF: "Re: RE : [Full-Disclosure] [Secure Network Operations, Inc.] Full Disclosure != Exploit Release"
Previous message: Tina Bird: "RE: [Full-Disclosure] FW: VERITAS Software Technical Advisory"
In reply to: Richard M. Smith: "RE: [Full-Disclosure] FW: VERITAS Software Technical Advisory"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]