Executive Summary
Informations | |||
---|---|---|---|
Name | MS03-031 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cumulative Patch for Microsoft SQL Server (815495) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2003-07-23 | Microsoft SQL Server 7.0/2000,MSDE Named Pipe Denial Of Service Vulnerability |
2003-07-25 | MS Windows SQL Server Denial of Service Remote Exploit (MS03-031) |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
10125 | Microsoft SQL Server Named Pipe Hijack Privilege Escalation |
10123 | Microsoft SQL Server LPC Packet Handling Local Overflow Microsoft SQL Server uses different ways of communicating with a client locally, one of them is over a LPC port. This port can by used by any local user to send information to the SQL Server service. By sending a specially crafted message to this port it is possible to overwrite information stored on the stack. This would allow an attacker to execute code under SQL Server's credentials thereby escalating privileges. This would then allow the user to read and write access to the database files. If the SQL Server is running under the Administrator or Local System account this would enable system compromise. |
2299 | Microsoft SQL Server Named Pipe Handling Request Remote DoS Microsoft SQL Server contains a flaw that may allow a remote denial of service. The issue is triggered when overly long SQL query is sent to named pipe. This pipe allows write access to the group "Everyone" and is therefore accessible to anyone that can authenticate, local or remote. Microsoft SQL Server 2000 Pre-SP3 will stop responding and service needs to be restarted in order to answer requests again. While SQL Server 2000 SP3 will appear to function normally but it will become unresponsive to any type of requests, a restart of the host is needed to recover because it is impossible to stop the service. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2003-07-24 | Name : Arbitrary code can be executed on the remote host through the SQL service. File : smb_nt_ms03-031.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:44:53 |
|