Alert: Microsoft Security Bulletin - MS02-061
From: Russ (Russ.Cooper@RC.ON.CA)Date: 10/17/02
- Previous message: Russ: "Alert: Microsoft Security Bulletin - MS02-060"
- Next in thread: Betka, Corey: "Re: Alert: Microsoft Security Bulletin - MS02-061"
- Reply: Betka, Corey: "Re: Alert: Microsoft Security Bulletin - MS02-061"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 16 Oct 2002 19:21:21 -0400 From: Russ <Russ.Cooper@RC.ON.CA> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
http://www.microsoft.com/technet/security/bulletin/MS02-061.asp
Elevation of Privilege in SQL Server Web Tasks (Q316333)
Originally posted: October 16, 2002
Summary
Who should read this bulletin: System administrators using Microsoft® SQL Server(tm) 7.0, SQL Server 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000.
Impact of vulnerability: Elevation of privilege
Maximum Severity Rating: Critical
Recommendation: System administrators should apply the patch to affected systems.
Affected Software:
- Microsoft SQL Server 7.0
- Microsoft Data Engine (MSDE) 1.0
- Microsoft SQL Server 2000
- Microsoft Desktop Engine (MSDE) 2000
Technical description:
This is a cumulative patch that includes the functionality of all previously released patches for SQL Server 7.0, SQL Server 2000, and Microsoft Data Engine (MSDE) 1.0, Microsoft Desktop Engine (MSDE) 2000. In addition, it eliminates one newly discovered vulnerability.
SQL Server 7.0 and 2000 provide stored procedures which is a collection of Transact-SQL statements stored under a name and processed as a group. One stored procedure, an extended stored procedure and weak permissions on a table combine to allow a low privileged user the ability to run, delete, insert or update web tasks.
An attacker who is able to authenticate to a SQL server could delete, insert or update all the web tasks created by other users. In addition, the attacker could run already created web tasks in the context of the creator of the web task. This typically runs in the context of the SQL Server Agent service account.
Mitigating factors:
- It is necessary to be an authenticated user of the SQL Server.
- Exploiting this vulnerability could allow the attacker to escalate privileges to the level of the SQL Server service account. By default, the service runs with the privileges of a domain user, rather than with system privileges.
- Web tasks have to exist in the first place.
Vulnerability identifier: CAN-2002-1145
This email is sent to NTBugtraq automatically as a service to my subscribers. Since its programmatically created, and since its been a long time since anyone paid actual money for my programming skills, it may or may not look that good...;-]
I can only hope that the information it does contain can be read well enough to serve its purpose.
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
- Previous message: Russ: "Alert: Microsoft Security Bulletin - MS02-060"
- Next in thread: Betka, Corey: "Re: Alert: Microsoft Security Bulletin - MS02-061"
- Reply: Betka, Corey: "Re: Alert: Microsoft Security Bulletin - MS02-061"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
