Servers
SHARE
Facebook X Pinterest WhatsApp

CERT Warns of Multiple SQL Flaws

Written By
thumbnail Amy Newman
Amy Newman
Jul 20, 2010
ServerWatch content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More



A CERT advisory issued Monday evening warns of several vulnerabilities in Microsoft SQL Server.

A CERT advisory issued Monday evening warns of several vulnerabilities in Microsoft SQL Server.

Microsoft SQL Server 7.0, Microsoft SQL Server 2000, and Microsoft SQL Server Desktop Engine 2000 are affected.

CERT Advisory CA-2002-22warns of several serious vulnerabilities in Microsoft SQL Server that enable remote attackers to obtain sensitive information, alter database content, compromise SQL servers, and, in some configurations, compromise server hosts.

Individually, these vulnerabilities have significant preconditions that are difficult for an attacker to overcome. However, if exploited in combination, they would allow an attacker to gain additional flexibility and increase his or her chances for success.

The following vulnerabilities are highlighted in the advisory:

  • VU#796313: Microsoft SQL Server service account registry key has weak permissions that permit escalation of privileges (CAN-2002-0642)
  • VU#225555: Microsoft SQL Server contains buffer overflow in pwdencrypt() function (CAN-2002-0624)
  • VU#399260: Microsoft SQL Server 2000 contains heap buffer overflow in SQL Server Resolution Service (CAN-2002-0649)
  • VU#484891: Microsoft SQL Server 2000 contains stack buffer overflow in SQL Server Resolution Service (CAN-2002-0649)
  • VU#399260: Microsoft SQL Server 2000 contains heap buffer overflow in SQL Server Resolution Service

Microsoft has published Security Bulletin MS02-034 to addresses VU#796313 and VU#225555, Security Bulletin MS02-020 to address VU#627275, and Security Bulletin MS02-039to address VU#399260 and VU#484891.

Although Microsoft has gone public about the vulnerabilities and already addressed the situation by releasing the Security Bulletins, CERT believes their collective severity warrants additional attention. Hence, the advisory.

Since December 2001, Microsoft has published eight Microsoft Security Bulletins for more than a dozen vulnerabilities in the Microsoft SQL Server.

The full advisory is online on CERT’s site at http://www.cert.org/advisories/CA-2002-22.html.

thumbnail Amy Newman

Amy Newman is a B2B technology writer and editor with more than 15 years of experience following and analyzing IT infrastructure trends. She co-authored "Practical Virtualization Solutions: Virtualization from the Trenches," published by Prentice Hall Pearson Education in 2009.

Recommended for you...

thumbnail What Is a Container? Understanding Containerization
Guides
What Is a Container? Understanding Containerization
Allan Jay Monteclaro
Dec 14, 2023
thumbnail What Is a Print Server? | How It Works and What It Does
Guides
What Is a Print Server? | How It Works and What It Does
Nisar Ahmad
Dec 8, 2023
thumbnail What Is a Network Policy Server (NPS)? | Essential Guide
Guides
What Is a Network Policy Server (NPS)? | Essential Guide
Allan Jay Monteclaro
Nov 29, 2023
thumbnail Virtual Servers vs. Physical Servers: Comparison and Use Cases
Servers
Virtual Servers vs. Physical Servers: Comparison and Use Cases
Ray Fernandez
Nov 14, 2023
ServerWatch Logo

ServerWatch is a top resource on servers. Explore the latest news, reviews and guides for server administrators now.

facebook
linkedin
rss
x

Company

About us Contact us Advertise with us

Categories

Servers Guides Hardware Virtualization OS Monitoring Storage

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information