CVE-2002-0643
CVSS 4.6
Published: 2002-07-23 00:00:00
Last revised: 2016-10-17 22:20:59

[Original] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."


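[CNNVD] Microsoft MS-SQL Server Plaintext Password Caching During Installation Vulnerability (MS02-035) (CNNVD-200207-074)

        Microsoft SQL Server 7.0/2000 is a commercial SQL database system developed and maintained by Microsoft.
        A vulnerability exists in the Microsoft SQL Server installation process; a local attacker may exploit it to obtain the authentication credentials used to access the database.
        During installation of MS-SQL Server 7.0/2000 (including MSDE 1.0), or while a service pack is applied, related information, including passwords, is collected and stored on the host in a file named "setup.iss". In SQL Server 7.0 and MSDE 1.0 this file is located in the %windir% directory (default C:\Winnt); in SQL Server 2000 it is located in the install subdirectory of the SQL installation directory (default: C:\Program Files\Microsoft SQL Server\mssql\install). The file is not deleted after installation completes, and it is readable by anyone. In versions before MS-SQL Server 7.0 SP4 the password information is stored in plaintext; from SP4 onward it is stored using a very weak form of encryption. A local attacker may read this file to obtain the authentication credentials for database access.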
        

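- CVSS (Base Score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]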

- CPE (Affected Platforms and Products)

cpe:/a:microsoft:sql_server:2000  Microsoft SQL Server 2000
cpe:/a:microsoft:data_engine:1.0  Microsoft data_engine 1.0
cpe:/a:microsoft:sql_server:7.0  Microsoft SQL Server 7.0
cpe:/a:microsoft:sql_server:7.0:sp3  Microsoft SQL Server 7.0 Service Pack 3
cpe:/a:microsoft:sql_server:7.0:sp1  Microsoft SQL Server 7.0 Service Pack 1
cpe:/a:microsoft:sql_server:2000:sp2  Microsoft SQL Server 2000 Service Pack 2
cpe:/a:microsoft:sql_server:7.0:sp2  Microsoft SQL Server 7.0 Service Pack 2
cpe:/a:microsoft:sql_server:2000:sp1  Microsoft SQL Server 2000 Service Pack 1

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0643
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0643
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200207-074
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=102640092826731&w=2
(UNKNOWN)  BUGTRAQ  20020711 SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file
http://marc.info/?l=vuln-dev&m=102640394131103&w=2
(UNKNOWN)  VULN-DEV  20020711 SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file
http://www.kb.cert.org/vuls/id/338195
(UNKNOWN)  CERT-VN  VU#338195
http://www.microsoft.com/technet/security/bulletin/ms02-035.asp
(VENDOR_ADVISORY)  MS  MS02-035
http://www.securityfocus.com/bid/5203
(UNKNOWN)  BID  5203

- Vulnerability Information

Microsoft MS-SQL Server Plaintext Password Caching During Installation Vulnerability (MS02-035)
Medium  Design error
2002-07-23 00:00:00 2006-09-01 00:00:00
Local
        
        

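- Advisory and Patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
        * Delete the setup.iss file.
        Vendor patch:
        Microsoft
        ---------
        Microsoft has published a security bulletin (MS02-035) and a corresponding patch for this issue:
        MS02-035: SQL Server Installation Process May Leave Passwords on System (Q263968)
        Link:
        http://www.microsoft.com/technet/security/bulletin/MS02-035.asp

        Patch download:
         * Microsoft SQL 7, MSDE 1.0, and Microsoft SQL Server 2000:

        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=40205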

- Vulnerability Information

10141
Microsoft SQL Server setup.iss File Authentication Credential Disclosure

- Vulnerability Description

Unknown or Incomplete

- Timeline

2002-07-10 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Microsoft MS-SQL Server Installation Password Caching Vulnerability
Design Error 5203
No Yes
2002-07-11 12:00:00 2009-07-11 02:56:00
Microsoft has credited Cesar Cerrudo <cesarc56@yahoo.com> for the discovery of this vulnerability.

- Affected Program Versions

Microsoft SQL Server 2000 SP2
Microsoft SQL Server 2000 SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
Microsoft SQL Server 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0
Microsoft SQL Server 7.0 SP3 alpha
Microsoft SQL Server 7.0 SP3
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP2 alpha
Microsoft SQL Server 7.0 SP2
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP1 alpha
Microsoft SQL Server 7.0 SP1
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 alpha
Microsoft SQL Server 7.0
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Data Engine (MSDE) 1.0
+ Affymetrix Microarray Suite Software 5.0.1
+ Affymetrix Microarray Suite Software 5.0
+ Altiris Deployment Server 5.5
+ Altiris Deployment Server 5.0.1
+ Centennial UK Ltd Centennial Discovery 4.4
+ Compaq Insight Manager 7.0 SP1
+ Compaq Insight Manager 7.0
+ Gerber Technology WebPDM 3.9
+ McAfee ePolicy Orchestrator 2.5 SP1
+ McAfee ePolicy Orchestrator 2.5
+ McAfee ePolicy Orchestrator 2.0
+ McAfee ePolicy Orchestrator 1.1
+ McAfee ePolicy Orchestrator 1.0
- Microsoft Access 2000
- Microsoft Project Central Server
+ Microsoft SharePoint Team Services from Microsoft
- Microsoft Visual Studio 6.0
+ PowerQuest ControlCenter ST 2.0
+ PPM 2000 Incident Reporting and Investigation Management 5.1
+ Research In Motion Blackberry Enterprise Server 2.0 .0.65
+ Trend Micro Control Manager 2.5
+ Trend Micro Damage Cleanup Server 1.0
+ Vital Processing Services LLC POS-partner 2000 5.0.13
+ Vital Processing Services LLC POS-partner 2000 4.1.11
+ Websense Reporter 6.3.1

- Vulnerability Discussion

During the initial installation of Microsoft SQL Server 7 (including MSDE 1.0) and 2000, or when applying service packs, information, sometimes including passwords, is gathered and stored in a file on the host computer. Prior to MS-SQL Server 7.0 SP4, these passwords were stored in clear text in the file.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Microsoft has provided a utility, killpwd.exe, that will remove the passwords from any accessible directories.


Microsoft SQL Server 2000

Microsoft SQL Server 7.0

- Related References

 

 
