FIX: SQL Server Text Formatting Functions Contain Unchecked Buffers (304850)


The information in this article applies to:

  • Microsoft SQL Server 2000 (all editions)
This article was previously published under Q304850
BUG #: 354983 (SHILOH_BUGS)

SYMPTOMS

SQL Server 2000 provides a number of functions that enable database queries to generate text messages. In some cases, the functions create a text message and store it in a variable; in others, the functions directly display the message. Microsoft has discovered a vulnerability with these functions.

Use of an invalid format type character may allow SQL Server to overwrite an internal buffer that may overwrite an address in the SQL Server process space with arbitrary data. If SQL Server overwrites an address in the SQL Server process space with arbitrary data, SQL Server may potentially allow you to execute arbitrary code within SQL Server or the SQL Server process may abnormally terminate.
For additional information about this security fix, visit the following Microsoft Web site:

Microsoft Security Bulletin MS01-060


To ensure that you are running the latest security updates for SQL Server 2000, see the following article in the Microsoft Knowledge Base:

316426 SQL Server 2000 Security Update for Service Pack 1

CAUSE

The SQL Server parser incorrectly allows you to use an invalid type character with some text functions.

RESOLUTION

To resolve this problem, obtain Microsoft SQL Server 2000 Service Pack 2.

For information on how to obtain SQL Server 2000 Service Pack 2 (SP2), see the following article in the Microsoft Knowledge Base:

290211 INF: How to Obtain the Latest SQL Server 2000 Service Pack

If you are not able to upgrade to Microsoft SQL Server 2000 Service Pack 2, you have two options:
  • The preferred method is to refer to the following Microsoft Knowledge Base article to obtain all of the security updates for SQL Server 2000 Service Pack 1:

    316426 SQL Server 2000 Security Update for Service Pack 1

    -or-

  • Download a specific patch for this issue.

    The following file is available for download from the Microsoft Download Center:

    s80428i.exe

    Release Date: DEC-20-2001

    For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

    119591 How To Obtain Microsoft Support Files from Online Services

    Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

    Note: SQL Server 2000 SP1 is required to apply this fix.

STATUS

Microsoft has confirmed this to be a problem in SQL Server 2000.

This problem was first corrected in Microsoft SQL Server 2000 Service Pack 2.
Modification Type:MinorLast Reviewed:8/5/2004
Keywords:kbdownload kbbug kbfix kbSecurity kbSQLServ2000preSP2Fix KB304850
©2004 Microsoft Corporation. All rights reserved.