[VulnWatch] Slapper/Sapphire Vulnerable non-Microsoft products (update)

From: Chris Wysopal (weld@vulnwatch.org)
Date: 01/28/03

  • Next message: Fozzy [Hackademy Audit]: "[VulnWatch] MIT Kerberos FTP client remote shell commands execution"
    Date: Tue, 28 Jan 2003 22:08:48 +0000 (GMT)
    From: Chris Wysopal <weld@vulnwatch.org>
    To: vulnwatch@vulnwatch.org
    
    

    I have been informed that on Jan 25th Veritas notified their Veritas Backup
    Exec customers that they should install the MSDE 200 patch.

    Also SQLSecurity.com is maintaining a list of SQL Server/MSDE-Based
    applications:

    http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=10&tabid=13bound to have bugs. Feel free to email <br> me any issues.

    -Chris



    Relevant Pages

    • Re: .NET and MSDE
      ... So it will not harm anything if they install the regular ... patch for MSDE as well? ... >the sql2kdesk.exe patch won't apply to the NETSDK ... >information for users of the Microsoft .NET Framework SDK ...
      (microsoft.public.sqlserver.security)
    • Re: question about patching MSDE 2000
      ... >So it's a named instance? ... Are you applying the patch to ... To install a named istance MS documentation says to add to ... MSDE 2000 using a file different than sqlrun01.msi and I ...
      (microsoft.public.sqlserver.security)
    • Re: question about patching MSDE 2000
      ... Are you applying the patch to ... > To install a named istance MS documentation says to add to ... > MSDE 2000 using a file different than sqlrun01.msi and I ... >>> of the patch seems to succeed, when I verify the version ...
      (microsoft.public.sqlserver.security)
    • Re: MicroMonopoly aids Terrorism?
      ... >>>> The patch is simple to install. ... >>>> You do not get much simpler than it is to install. ... >> Although it is not mentioned in the article, one reason I kept ... With very few exceptions, MSDE only ...
      (microsoft.public.security)
    • MSDE an SP3
      ... The last patch i need to install is SQL SP3 for MSDE. ...
      (microsoft.public.windows.server.sbs)