Microsoft has issued a security patch to two versions of its SQL
Server software that were vulnerable to attackers.
Microsoft said the patch was for a buffer overrun
vulnerability which affected its SQL Server 7.0 and 2000 database software.
In an advisory, the company said the flaw could cause SQL failure or allow
hackers to execute code in the security context in which SQL Server is
running.
“SQL Server can be configured to run in various security contexts, and by
default runs as a domain user. The precise privileges the attacker could
gain would depend on the specific security context that the service runs
in,” Microsoft said.
“An attacker could exploit this vulnerability in one of two ways. Firstly,
the attacker could attempt to load and execute a database query that calls
one of the affected functions. Secondly, if a web-site or other database
front-end were configured to access and process arbitrary queries, it could
be possible for the attacker to provide inputs that would cause the query to
call one of the functions in question with the appropriate malformed
parameters.”
SQL Server 7.0 and 2000 both provide for extended stored procedures, which
are external routines written in a programming language such as C. Microsoft
said these procedures appear to users as normal stored procedures and are
executed in the same way.
The patch for SQL 7.0 is available here and, for SQL Server 2000, it can be found here.
To ensure proper patch installation in 7.0, Microsoft has urged Webmasters
to verify the individual files by consulting the date/time stamp of the
files listed in the file manifest in the Microsoft Knowledge Base article.
For SQL Server 2000, verification of the individual files can be done by
consulting the date/time stamp of the files listed in the file manifest here