Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 2001-01-09 |
Product | Sql Server | Last view | 2012-09-25 |
Version | 2000 | Type | Application |
Update | - | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:microsoft:sql_server |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.3 | 2012-09-25 | CVE-2012-4015 | Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry. |
9 | 2008-12-10 | CVE-2008-5416 | Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability." |
7.6 | 2008-09-16 | CVE-2008-4110 | Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings. |
7.2 | 2003-08-27 | CVE-2003-0232 | Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. |
5 | 2003-08-27 | CVE-2003-0231 | Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. |
7.2 | 2003-08-27 | CVE-2003-0230 | Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability. |
5 | 2002-12-31 | CVE-2002-1981 | Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings. |
5 | 2002-12-31 | CVE-2002-1872 | Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. |
10 | 2002-10-28 | CVE-2002-1145 | The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. |
7.5 | 2002-10-11 | CVE-2002-1138 | Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs." |
7.5 | 2002-10-11 | CVE-2002-1137 | Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. |
7.5 | 2002-09-24 | CVE-2002-1123 | Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow. |
7.5 | 2002-09-05 | CVE-2002-0859 | Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. |
10 | 2002-09-05 | CVE-2002-0721 | Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt. |
5 | 2002-08-12 | CVE-2002-0729 | Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator. |
5 | 2002-08-12 | CVE-2002-0650 | The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop. |
7.5 | 2002-08-12 | CVE-2002-0649 | Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm. |
7.5 | 2002-08-12 | CVE-2002-0645 | SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands. |
7.5 | 2002-08-12 | CVE-2002-0644 | Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code. |
4.6 | 2002-07-23 | CVE-2002-0643 | The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System." |
7.2 | 2002-07-23 | CVE-2002-0642 | The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key." |
7.5 | 2002-07-23 | CVE-2002-0641 | Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query. |
7.5 | 2002-07-23 | CVE-2002-0624 | Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure." |
7.5 | 2002-07-03 | CVE-2002-0187 | Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag." |
7.5 | 2002-07-03 | CVE-2002-0186 | Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension." |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (3) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
16% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
16% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
16% (1) | CWE-20 | Improper Input Validation |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-20 | Encryption Brute Forcing |
CAPEC-58 | Restful Privilege Elevation |
CAPEC-112 | Brute Force |
SAINT Exploits
Description | Link |
---|---|
Microsoft SQL Server Hello buffer overflow | More info here |
Microsoft SQL Server spreplwritetovarbin Buffer Overflow | More info here |
Microsoft SQL Server 2000 resolution service buffer overflow | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
60004 | Microsoft SQL Server Multiple Stored Procedure Unprivileged Configuration Man... |
59636 | Microsoft SQL Server SQL Authentication Password Encryption Weakness |
50589 | Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow |
48220 | Microsoft SQL Server SQLVDIRLib.SQLVDirControl ActiveX (Tools\Binn\sqlvdir.dl... |
13434 | Microsoft Windows Distributed Transaction Coordinator (DTC) Malformed Input DoS |
10183 | Microsoft SQL Server xp_sprintf Function DoS |
10181 | Microsoft SQL Server formatmessage Function DoS |
10166 | Microsoft SQL Server raiserror Function DoS |
10160 | Multiple RPC Servers Malformed Input Remote DoS |
10159 | Microsoft SQL Server Multiple Extended Stored Procedure Overflows |
10158 | Microsoft SQL Server Password Encryption Procedure Overflow |
10157 | Microsoft SQL Server BULK INSERT Query Overflow |
10154 | Microsoft SQL Server xp_SetSQLSecurity Function Overflow |
10153 | Microsoft SQL Server xp_proxiedmetadata Function Overflow |
10152 | Microsoft SQL Server xp_printstatements Function Overflow |
10151 | Microsoft SQL Server xp_peekqueue Function Overflow |
10150 | Microsoft SQL Server xp_updatecolvbm Function Overflow |
10149 | Microsoft SQL Server xp_showcolv Function Overflow |
10148 | Microsoft SQL Server xp_enumresultset Function Overflow |
10147 | Microsoft SQL Server xp_displayparamstmt Function Overflow |
10146 | Microsoft SQL Server xp_sprintf Function Overflow |
10145 | Microsoft SQL Server formatmessage Function Overflow |
10144 | Microsoft SQL Server raiserror Function Overflow |
10143 | Microsoft SQL Server OpenRowset OLE DB Provider Name Overflow |
10142 | Microsoft SQL Server OpenDataSource OLE DB Provider Name Overflow |
OpenVAS Exploits
id | Description |
---|---|
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2008-12-16 | Name : Microsoft SQL Server sp_replwritetovarbin() BOF Vulnerability File : nvt/gb_mssql_sp_replwritetovarbin_bof_vuln.nasl |
2008-12-02 | Name : Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability File : nvt/secpod_ms_sql_server_2000_activex_bof_vuln_900125.nasl |
2006-03-26 | Name : Microsoft's SQL Version Query File : nvt/mssql_version.nasl |
2005-11-03 | Name : MSDTC denial of service by flooding with nul bytes File : nvt/msdtc_dos.nasl |
2005-11-03 | Name : Microsoft's SQL Hello Overflow File : nvt/mssql_hello_overflow.nasl |
2005-11-03 | Name : SMB Registry : SQL7 Patches File : nvt/smb_mssql7.nasl |
2005-11-03 | Name : XML Core Services patch (Q318203) File : nvt/smb_nt_ms02-008.nasl |
2005-11-03 | Name : Cumulative Patch for Internet Information Services (Q327696) File : nvt/smb_nt_ms02-018.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2011-A-0066 | Multiple Vulnerabilities in VMware Products Severity: Category I - VMSKEY: V0027158 |
2009-A-0012 | Microsoft SQL Server Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0018387 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | xp_updatecolvbm vulnerable function attempt RuleID : 8540 - Type : SERVER-MSSQL - Revision : 8 |
2014-01-10 | xp_updatecolvbm unicode vulnerable function attempt RuleID : 8539 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_updatecolvbm unicode vulnerable function attempt RuleID : 8538 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_showcolv vulnerable function attempt RuleID : 8531 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_showcolv unicode vulnerable function attempt RuleID : 8530 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_showcolv unicode vulnerable function attempt RuleID : 8529 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_SetSQLSecurity vulnerable function attempt RuleID : 8528 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_SetSQLSecurity unicode vulnerable function attempt RuleID : 8527 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_SetSQLSecurity unicode vulnerable function attempt RuleID : 8526 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_proxiedmetadata vulnerable function attempt RuleID : 8525 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_proxiedmetadata unicode vulnerable function attempt RuleID : 8524 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_proxiedmetadata unicode vulnerable function attempt RuleID : 8523 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_printstatements vulnerable function attempt RuleID : 8522 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_printstatements unicode vulnerable function attempt RuleID : 8521 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_printstatements unicode vulnerable function attempt RuleID : 8520 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_peekqueue vulnerable function attempt RuleID : 8519 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_peekqueue unicode vulnerable function attempt RuleID : 8518 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_peekqueue unicode vulnerable function attempt RuleID : 8517 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | xp_enumresultset vulnerable function attempt RuleID : 8504 - Type : SERVER-MSSQL - Revision : 8 |
2014-01-10 | xp_enumresultset unicode vulnerable function attempt RuleID : 8503 - Type : SERVER-MSSQL - Revision : 8 |
2014-01-10 | xp_enumresultset unicode vulnerable function attempt RuleID : 8502 - Type : SERVER-MSSQL - Revision : 8 |
2014-01-10 | xp_displayparamstmt vulnerable function attempt RuleID : 8501 - Type : SERVER-MSSQL - Revision : 8 |
2014-01-10 | xp_displayparamstmt unicode vulnerable function attempt RuleID : 8500 - Type : SERVER-MSSQL - Revision : 8 |
2014-01-10 | xp_displayparamstmt unicode vulnerable function attempt RuleID : 8499 - Type : SERVER-MSSQL - Revision : 10 |
2014-01-10 | formatmessage possible buffer overflow RuleID : 8495 - Type : SQL - Revision : 6 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2016-03-04 | Name: The remote VMware ESX / ESXi host is missing a security-related patch. File: vmware_VMSA-2011-0003_remote.nasl - Type: ACT_GATHER_INFO |
2011-02-14 | Name: The remote VMware ESXi / ESX host is missing one or more security-related pat... File: vmware_VMSA-2011-0003.nasl - Type: ACT_GATHER_INFO |
2009-02-11 | Name: A database application installed on the remote host is affected by a remote c... File: smb_kb959420.nasl - Type: ACT_GATHER_INFO |
2009-02-11 | Name: Arbitrary code can be executed on the remote host through Microsoft SQL Server. File: smb_nt_ms09-004.nasl - Type: ACT_GATHER_INFO |
2003-07-24 | Name: Arbitrary code can be executed on the remote host through the SQL service. File: smb_nt_ms03-031.nasl - Type: ACT_GATHER_INFO |
2003-03-06 | Name: It may be possible to get the remote SQL Server's administrator password. File: smb_nt_ms02-035.nasl - Type: ACT_GATHER_INFO |
2003-03-02 | Name: Arbitrary code can be executed on the remote host through Microsoft SQL server. File: smb_nt_ms02-030.nasl - Type: ACT_GATHER_INFO |
2003-01-25 | Name: The remote database server is affected by multiple buffer overflows. File: mssql_litchfield_overflows.nasl - Type: ACT_GATHER_INFO |
2002-08-07 | Name: The remote database server is affected by a remote command execution vulnerab... File: mssql_hello_overflow.nasl - Type: ACT_DESTRUCTIVE_ATTACK |
2002-04-23 | Name: Arbitrary code can be executed on the remote host through the web server. File: smb_nt_ms02-018.nasl - Type: ACT_GATHER_INFO |
2002-04-20 | Name: The remote service is prone to a denial of service attack. File: msdtc_dos.nasl - Type: ACT_DENIAL |
2002-02-24 | Name: Local files can be retrieved through the web client. File: smb_nt_ms02-008.nasl - Type: ACT_GATHER_INFO |
2002-02-13 | Name: Arbitrary code can be executed on the remote host through the web client. File: smb_nt_ms02-005.nasl - Type: ACT_GATHER_INFO |