[ISN] Flaw Puts SQL Servers at Risk

From: InfoSec News (isnat_private)
Date: Mon Jun 17 2002 - 02:10:48 PDT

  • Next message: InfoSec News: "[ISN] Homeland defense shifts focus to secure nets"

    By Dennis Fisher 
    June 14, 2002 
    A Russian security researcher claims he has discovered a flaw in
    Microsoft Corp.'s SQL Server 2000 which gives an attacker the ability
    to either crash the server or execute malicious code on the machine.
    Microsoft is aware of the advisory and is investigating the issue, the
    company said.
    The vulnerability is in the "pwdencrypt" hashing function, which is
    included with SQL. A buffer overrun flaw in this function enables an
    attacker to overwrite a portion of the heap memory, which could either
    result in the SQL Server application crashing or the attacker being
    able to execute code on the machine.
    The researcher, Martin Rakhmanoff, posted his advisory to the Bugtraq
    security mailing list, along with instructions on how to exploit the
    flaw. Rakhmanoff is the author of a freeware Windows password-recovery
    tool called BehindTheAsterisks that displays the plain-text instead of
    the asterisks in the Windows log-on password field.
    A Microsoft spokesman said in a statement that the company is
    concerned that Rakhmanoff's bulletin puts users at risk of attack.
    "The Microsoft Security Response Center is thoroughly investigating
    this issue, just as we do with every report we receive of security
    vulnerabilities affecting Microsoft products," the statement said.
    "At this point in the investigation we feel strongly that speculating
    on the issue while the investigation is in progress would be
    irresponsible and counterproductive to our goal of protecting our
    customers' information. Microsoft is moving forward on the
    investigation with all due speed and, when it is completed, we will
    take the action that best serves Microsoft's customers.
    "We are concerned by the way this report has been handled. Publishing
    the report may put computer users at risk--or at the very least could
    cause needless confusion and apprehension."
    This is the third serious flaw in SQL Server 2000 that's been
    disclosed this week. On Wednesday Microsoft issued patches for two
    problems in the database software's SQLXML service.
    There is an unchecked buffer in an ISAPI extension which could enable
    an attacker to run code on the IIS server, as well as a vulnerability
    in a function that specifies an XML tag. This second flaw could allow
    an attacker to run scripts on the vulnerable machine with escalated
    privileges, Microsoft officials said.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Jun 17 2002 - 05:24:17 PDT