MS03-031: Cumulative security patch for SQL Server (815495)
The information in this article applies to:
- Microsoft SQL Server 2000 64 bit (all editions)
- Microsoft SQL Server 2000 (all editions) SP3
- Microsoft SQL Server 2000 (all editions) SP3a
- Microsoft SQL Server 7.0 Service Pack 4
- Microsoft SQL Server 2000 Desktop Engine (MSDE) SP3
- Microsoft Data Engine (MSDE) 1.0
- Microsoft Data Engine (MSDE) 1.0 SP4
SUMMARY
Microsoft has released a security patch to correct
vulnerabilities in the following products:
- Microsoft SQL Server 2000 Service Pack 3 (SP3)
- Microsoft SQL Server 2000 Desktop Engine (MSDE) Service Pack 3
- Microsoft SQL Server 2000 64-bit
- Microsoft SQL Server 7.0 Service Pack 4 (SP4)
- Microsoft Data Engine 1.0 Service Pack 4 (SP4)
Here is a list of the vulnerabilities that are resolved in
this security patch:
- Named pipe hijacking
When SQL Server starts, it creates and then listens on a
specific named pipe for incoming connections to the server. A named pipe is a
specifically named one-way or two-way channel for communication between a pipe
server and one or more pipe clients. SQL Server checks the named pipe to verify
what connections can log on to the system that is running SQL Server to run
queries against data that is stored on the server.
A flaw exists in the checking method for the named pipe that might allow an
attacker who is local to the system that is running SQL Server to hijack (gain
control of) the named pipe when another client uses an authenticated logon
password to log on.
This would allow the attacker to gain control of the named pipe at the same
permission level as the user who is trying to connect. If the user who is
trying to connect remotely has a higher level of permissions than the attacker
does, the attacker will assume those rights when the named pipe is compromised.
- Named pipe denial of service
In the same named pipes scenario that is mentioned in the
"Named Pipe Hijacking" section of this article, an unauthenticated user who is
local to the intranet might be able to send a very large packet to a specific
named pipe where the system running SQL Server is listening and cause it to
become unresponsive.
This vulnerability does not allow an attacker to
run arbitrary code or elevate their permissions; however, a denial of service
condition might still exist that requires you to restart the server to restore
functionality.
- SQL Server buffer overrun
A flaw exists in a specific Windows function that may allow
an authenticated user who can log on directly to the system running SQL
Server to create a specially crafted packet that, when sent to the
listening local procedure call (LPC) port of the system, can cause a buffer
overrun. If successfully exploited, this can allow a user who has limited
permissions on the system to elevate their permissions to the level of the SQL
Server service account, or cause arbitrary code to run.
MORE INFORMATION
For more information about these vulnerabilities
and how to obtain the patches, select the Microsoft Knowledge Base article that
corresponds with your version of SQL Server from the following list.
SQL Server 2000 Service Pack 3 (SP3) or Microsoft SQL Server 2000 Desktop Engine (MSDE) Service Pack 3 (SP3)
821277 MS03-031: Security patch for SQL Server 2000 Service Pack 3
Important notes
Read these important notes regarding the installation of this
security patch on a computer that is running SQL Server 2000 SP3.
Universal Description, Discovery, and Integration (UDDI) Services
If you install this security patch on a computer that is
running Microsoft Windows Server 2003 and UDDI Services is installed, you must
take one of two actions to restart UDDI Services, depending on your
circumstances. UDDI Services will not resume normal functioning until you do.
- If no other Web service is in use on the computer
that is running Windows Server 2003, you can restart the UDDI Services by
restarting Microsoft Internet Information Services (IIS). Restarting IIS is the
same as first stopping IIS, and then starting it again, except it is done with
a single command. There are two ways to restart IIS:
  - Use the IIS Manager graphical user interface.
  - Use the IISReset command-line utility.
- If other Web services are in use on the computer
that is running Windows Server 2003, you may not want to affect their
operation. To restart the UDDI Services, follow these steps:
  - Start the IIS Manager utility.
  - Locate the Application Pools folder, and then right-click the MSUDDIAppPool icon.
  - Click to select the Recycle menu option. Doing so will allow UDDI Services
    to resume operation without affecting any other Web service on the computer.
An error message occurs when you connect to a Microsoft Windows NT 4.0-based computer by using named pipes
When you connect to a Windows NT 4.0-based computer
that is running Microsoft SQL Server 2000 by using named pipes, and that
connection is made by a non-admin user, you may receive an error message
that resembles one of the following:
Connection could not be established. SQL Server does not exist
Connection could not be established. Access is denied.
To obtain a hotfix to resolve this error message, see the
following article in the Microsoft Knowledge Base:
823492 "Connection could not be established" error message when you connect to a Windows NT 4.0-based computer that is running SQL Server 2000 or SQL Server 7.0
SQL Server 2000 64-bit
821280 MS03-031: Security patch for SQL Server 2000 64-bit
SQL Server 7.0 Service Pack 4 (SP4) or Microsoft Data Engine 1.0 Service Pack 4 (SP4)
821279 MS03-031: Security patch for SQL Server 7.0 Service Pack 4
Important notes
Read these important notes about the installation of this security
patch on a computer that is running SQL Server 7.0 Service Pack 4
(SP4).
An error message occurs when you connect to a Microsoft Windows NT 4.0-based computer by using named pipes
When you connect to a Windows NT 4.0-based computer
that is running Microsoft SQL Server 2000 by using named pipes, and that
connection is made by a non-admin user, you may receive an error message
that resembles one of the following:
Connection could not be established. SQL Server does not exist
Connection could not be established. Access is denied.
To obtain a hotfix to resolve this error message, see the
following article in the Microsoft Knowledge Base:
823492 "Connection could not be established" error message when you connect to a Windows NT 4.0-based computer that is running SQL Server 2000 or SQL Server 7.0
Modification Type: Major
Last Reviewed: 5/10/2006
Keywords: kbSQLServ2000preSP4fea kbSQLServ700preSP5fix kbQFE kbfix kbBug KB815495 kbAudDeveloper