Oops. More of the same security holes for Microsoft products. This time for SQL Server.
(Mac Observer found the news quite tiresome actually...)
See:
Microsoft warns of holes in SQL Server, by Juan Carlos Perez for CNN.
Posted by Lisa at December 28, 2001 06:47 PM | TrackBackThe first and more serious vulnerability results from the failure of the SQL Server text-generating functions to limit the size of the text to the buffer space allotted by the system. This can lead to a flaw known as buffer overflow, which could allow an attacker to execute code within the system. The extent of the damage that the attacker could cause would depend on how the database administrator has configured the product's security parameters. In the worst-case scenario, the attacker could gain "significant control over the database, and perhaps over the server itself" and be able to "add, delete, or change data in the database, ... reconfigure the operating system, install new software on it, or simply reformat the hard drive," according to the security bulletin.
The second vulnerability is related to C runtime functions for formatting text strings. The database calls these strings when it runs on Windows NT 4.0, Windows 2000 or Windows XP operating systems. The flaw can make the database vulnerable to a denial of service attack, Microsoft said. The C runtime is the set of executables and files that provide support for programs written in the C programming language, and all Windows platforms ship with a runtime for C, Microsoft said. A "format string" vulnerability occurs when "a function that accepts formatted text for printing doesn't properly validate it before using it," Microsoft said.