|
|
Microsoft SQL Server 7.0/2000 DBCC存在缓冲溢出漏洞
发布时间:2002-10-08
更新时间:2002-10-08
严重程度:高
威胁程度:远程管理员权限
错误类型:边界检查错误
利用方式:服务器模式
BUGTRAQ ID:5877
CVE(CAN) ID:CAN-2002-1137
受影响系统Microsoft Data Engine 1.0
- Microsoft Access 2000
- Microsoft Project Central Server
- Microsoft Visual Studio 6.0
Microsoft Data Engine 2000
+ Microsoft SQL Server 2000
Microsoft SQL Server 7.0 SP4
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP3
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP2
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP1
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
Microsoft SQL Server 2000 SP2
Microsoft SQL Server 2000 SP1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
Microsoft SQL Server 2000
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a 详细描述
SQL SERVER 7.0和2000包含的Database Console Commands (DBCCs)组件存在漏洞,在严重的情况下,这个漏洞可导致攻击者以SQL服务权利执行任意代码,使攻击者控制整个数据库系统。
测试代码
无
解决方案
补丁下载:
Microsoft SQL Server 2000 SP2:
Microsoft Patch Q316333
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q316333&sd=tech
Microsoft SQL Server 2000 SP1:
Microsoft SQL Server 2000 :
Microsoft Data Engine 2000 :
Microsoft Data Engine 1.0:
Microsoft SQL Server 7.0 SP4:
Microsoft Patch Q327068
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q327068&sd=tech
相关信息
Martin Rakhmanoff <jimmers@yandex.ru>.
参考:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-056.asp
|
