[VulnWatch] Slapper/Sapphire Vulnerable non-Microsoft products

From: Chris Wysopal (weld@vulnwatch.org)
Date: 01/28/03

  • Next message: Chris Wysopal: "[VulnWatch] Slapper/Sapphire Vulnerable non-Microsoft products (update)" 
    Date: Tue, 28 Jan 2003 21:30:02 +0000 (GMT)
From: Chris Wysopal <weld@vulnwatch.org>
To: vulnwatch@vulnwatch.org

    I haven't seen any bulletins from the following vendors whose products
    contain vulnerable versions of MS SQL Server 2000 or MSDE 2000. I have
    collected these products from the NIPC bulletin and discussion lists.

    Compaq Insight Manager
    Crystal Reports Enterprise
    Dell OpenManage
    HP Openview Internet Services Monitor
    McAfee Centralized Virus Admin
    McAfee Epolicy Orchestrator
    Trend Micro Damage Cleanup Server
    Websense Reporter
    Veritas Backup Exec
    WebBoard Conferencing Server
    ISS RealSecure 7.0
    ISS Internet Scanner

    There are likely many more.

    A list of Microsoft products that contain MSDE 2000:
    http://www.microsoft.com/technet/security/MSDEapps.asp

    -Chris

    Relevant Pages

    • Re: Help with Master/Detail UI in ADPs
      ... No, MSDE is not limited to 5 concurrent users, it is limited to 5 concurrent ... The users whose connection to the server is idle at any moment don't count. ... and from the local temp table to the Detail table on the server for rows ...
      (microsoft.public.access.adp.sqlserver)
    • Re: Unable to connect to SQL 2000 engine on other machine from SSM
      ... how SQLServer-Browser resolves portnumber of MSDE named instance. ... Windows 2003 Server ships with SSEE preinstalled (for ... port information to your client. ...
      (microsoft.public.sqlserver.connect)
    • Re: Unable to connect to SQL 2000 engine on other machine from SSM
      ... Upgrade MSDE to SP4: not ok. ... Windows 2003 Server ships with SSEE preinstalled (for ... > port information to your client. ...
      (microsoft.public.sqlserver.connect)
    • Re: MSDE and IIS - Web Hosting
      ... sites getting over 3M hits per month and MOST of those hits were on ... when going to Windows 2003 Server and running very SMALL sites using ... coding for MSDE instead of Access because it's really our only option. ... but not as well as SQL Server who knows. ...
      (microsoft.public.sqlserver.msde)
    • RE: Fail to install MSDE (log attached)
      ... trouble getting MSDE installed. ... Setup failed to configure the server. ... file located in the install directory where you are installing MSDE. ...
      (microsoft.public.sqlserver.msde)