FIX: Unchecked Buffer May Occur When You Connect to Remote Data Source (317979)
The information in this article applies to:
- Microsoft SQL Server 2000 (all editions)
- Microsoft SQL Server 7.0
This article was previously published under Q317979
This article discusses a security or privacy issue that may affect the operation of your computer. The information in this article is provided "as-is" without warranty of any kind. The workaround or hotfix that is described in this article addresses the issue as it is currently understood, but may not protect against any undiscovered variants of this issue. Microsoft recommends that you apply this cumulative patch or implement the workarounds if one is provided.
BUG #: 102359 (SQLBUG_70)
BUG #: 356666 (SHILOH_BUGS)
SYMPTOMS
When you submit a query to a remote data source and the query contains a string longer than what is expected, the buffer could be overwritten. If you submit a query that has a string longer than expected, the query may cause a handled exception of this SQL Server thread, or may allow an attacker to run arbitrary code under the security context in which the SQL Server service is running.
RESOLUTIONSQL Server 2000
To resolve this problem in SQL Server 2000, use these steps:
- Obtain and install SQL Server 2000 Service Pack 2.
For information on how to obtain SQL Server 2000 Service Pack 2, see the following article in the Microsoft Knowledge Base:290211 INF: How to Obtain the Latest SQL Server 2000 Service Pack
- Apply the hotfix.
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name
-----------------------------------------------------------------
2/12/2002 11:28 PM 8.00.0578 7269 KB Sqlservr.exe
NOTE: Due to file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.
To download the hotfix for SQL Server 2000, see the following article in the Microsoft Knowledge Base:
316333 INF: SQL Server 2000 Security Update for Service Pack 2
SQL Server 7.0To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0. For additional information, click the following article number to view the article in the
Microsoft Knowledge Base:
301511 INF: How to Obtain the Latest SQL Server 7.0 Service Pack
: The following hotfix was created prior to Microsoft SQL Server 7.0 Service Pack 4. Hotfix:
To resolve this problem in SQL Server 7.0, follow these steps:
- Obtain SQL Server 7.0 Service Pack 3.
For information about how to obtain SQL Server 7.0 Service Pack 3, see the following article in the Microsoft Knowledge Base:
274799 INF: How to Obtain Service Pack 3 for Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0
- Apply the appropriate hotfix for your platform.
Intel
The English version of this fix for the Intel platform should have the following file attributes or later:
Date Time Version Size File name
---------------------------------------------------------------------
2/18/2002 4:19 PM 7.00.1021.02 4937 KB Sqlservr.exe
NOTE: Because of file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.
Alpha
The English version of this fix for the Alpha platform should have the following file attributes or later:
Date Time Version Size File name
---------------------------------------------------------------------
2/18/2002 4:19 PM 7.00.1021.02 11385 KB Sqlservr.exe
NOTE: Due to file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.
To download the hotfix for SQL Server 7.0 (for either platform), see the following article in the Microsoft Knowledge Base:318268 INF: SQL Server 7.0 Security Update for Service Pack 3
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
SQL Server 7.0
This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 4.
| Modification Type: | Minor | Last Reviewed: | 9/27/2005 |
|---|
| Keywords: | kbHotfixServer kbQFE kbbug kbfix kbSQLServ700preSP4fix KB317979 |
|---|
|