
Microsoft SQL Server LPC Port Request Local Buffer Overflow Vulnerability


Published: 2003-08-01
Updated: 2003-08-01
Severity:
Threat type: Privilege escalation
Error type: Boundary check error
Exploit method: Server mode

BUGTRAQ ID:8275
CVE(CAN) ID:CAN-2003-0232

Affected Systems
Microsoft Data Engine 1.0
   + Affymetrix Microarray Suite Software 5.0
   + Affymetrix Microarray Suite Software 5.0.1
   + Altiris Deployment Server 5.0.1
   + Altiris Deployment Server 5.5
   + BlackBerry Enterprise Server 2.0 .0.65
   + Centennial UK Ltd Centennial Discovery 4.4
   + Compaq Insight Manager 7.0
   + Compaq Insight Manager 7.0 SP1
   + Gerber Technology WebPDM 3.9
   + McAfee ePolicy Orchestrator 1.0
   + McAfee ePolicy Orchestrator 1.1
   + McAfee ePolicy Orchestrator 2.0
   + McAfee ePolicy Orchestrator 2.5
   + McAfee ePolicy Orchestrator 2.5 SP1
   - Microsoft Access 2000
   - Microsoft Project Central Server
   + Microsoft SharePoint Team Services
   - Microsoft Visual Studio 6.0
   + PowerQuest ControlCenter ST 2.0
   + PPM 2000 Incident Reporting and Investigation Management 5.1
   + Trend Micro Control Manager 2.5
   + Trend Micro Damage Cleanup Server 1.0
   + Vital Processing Services, LLC POS-partner 2000 4.1.11
   + Vital Processing Services, LLC POS-partner 2000 5.0.13
   + Websense Reporter 6.3.1
Microsoft SQL Server 7.0 SP4
   - Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP3
   - Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP2
   - Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP1
   - Microsoft SQL Server 7.0
Microsoft SQL Server 7.0
   - Microsoft BackOffice 4.5
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0 SP1
   - Microsoft Windows NT 4.0 SP2
   - Microsoft Windows NT 4.0 SP3
   - Microsoft Windows NT 4.0 SP4
   - Microsoft Windows NT 4.0 SP5
   - Microsoft Windows NT 4.0 SP6
   - Microsoft Windows NT 4.0 SP6a
Microsoft SQL Server 2000 SP3a
Microsoft SQL Server 2000 SP3
Microsoft SQL Server 2000 SP2
Microsoft SQL Server 2000 SP1
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows NT 4.0 SP5
   - Microsoft Windows NT 4.0 SP6
   - Microsoft Windows NT 4.0 SP6a
Microsoft SQL Server 2000
   - Microsoft Windows 2000 Workstation
   - Microsoft Windows 2000 Workstation SP1
   - Microsoft Windows 2000 Workstation SP2
   - Microsoft Windows NT 4.0
   - Microsoft Windows NT 4.0 SP5
   - Microsoft Windows NT 4.0 SP6
   - Microsoft Windows NT 4.0 SP6a
Microsoft SQL Server 2000 Desktop Engine
   + Akiva WebBoard 6.1
   + Microsoft Access 2000
   + Microsoft Application Center 2000
   + Microsoft BizTalk Server 2000 Developer Edition
   + Microsoft BizTalk Server 2000 Enterprise Edition
   + Microsoft BizTalk Server 2000 Standard Edition
   + Microsoft BizTalk Server 2002 Developer Edition
   + Microsoft BizTalk Server 2002 Enterprise Edition
   + Microsoft Office 2000
   + Microsoft Project Central Server
   + Microsoft SharePoint Team Services
   + Microsoft Visio 2000 Enterprise Edition
   + Microsoft Visio Enterprise Network Tools
   + Microsoft Visual FoxPro 6.0
   + Microsoft Visual Studio 6.0
   + Microsoft Visual Studio .NET Academic Edition
   + Microsoft Visual Studio .NET Enterprise Architect Edition
   + Microsoft Visual Studio .NET Enterprise Developer Edition
   + Microsoft Visual Studio .NET Professional Edition
   + SmartMax Software MailMax 5.0
   + Veritas Software Backup Exec 9.0
Detailed Description
Microsoft SQL Server uses LPC (Local Procedure Call) for inter-process communication, and the service exposed on this LPC port can be used by any user on the system. By sending specially crafted messages to this port, an attacker could overwrite part of the SQL service process's sensitive memory and potentially execute arbitrary code.

MSDE is also affected. MSDE is bundled with many Microsoft and non-Microsoft products; the list of such products is available at:

http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=10&tabid=13

Test Code
None yet

Solution
Patch download:

Microsoft SQL Server 2000 SP3a:

Microsoft Patch SQL2000-KB815495-8.00.0818-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=9814AE9D-BD44-40C5-ADD3-B8C99618E68D&displaylang=en
SQL Server 2000 32-bit

Microsoft Patch SQL2000-KB815495-8.00.0818-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=72336508-057A-4E86-8F2E-CB1BD3A6A44B&displaylang=en
SQL Server 2000 64-bit

Microsoft SQL Server 2000 SP3:

Microsoft Patch SQL2000-KB815495-8.00.0818-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=9814AE9D-BD44-40C5-ADD3-B8C99618E68D&displaylang=en
SQL Server 2000 32-bit

Microsoft Patch SQL2000-KB815495-8.00.0818-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=72336508-057A-4E86-8F2E-CB1BD3A6A44B&displaylang=en
SQL Server 2000 64-bit

Microsoft SQL Server 2000 Desktop Engine :

Microsoft Patch SQL2000-KB815495-8.00.0818-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=9814AE9D-BD44-40C5-ADD3-B8C99618E68D&displaylang=en
SQL Server 2000 32-bit

Microsoft Patch SQL2000-KB815495-8.00.0818-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=72336508-057A-4E86-8F2E-CB1BD3A6A44B&displaylang=en
SQL Server 2000 64-bit

Microsoft Data Engine 1.0:

Microsoft Patch SQL70-KB815495-v7.00.1094-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=FE5B0892-A5C9-44C2-9B42-0D291E9C1636&displaylang=en

Microsoft SQL Server 7.0 SP4:

Microsoft Patch SQL70-KB815495-v7.00.1094-ENU.exe
http://microsoft.com/downloads/details.aspx?FamilyId=FE5B0892-A5C9-44C2-9B42-0D291E9C1636&displaylang=en

Related Information
References:
http://www.securityfocus.com/archive/1/330179
http://www.microsoft.com/technet/security/bulletin/MS03-031.asp