CVE-2003-0230
CVSS 7.2
Published: 2003-08-27 00:00:00
Last revised: 2008-09-10 15:18:19

[Original] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.


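[CNNVD] Microsoft SQL Server / MSDE Named Pipe Privilege Escalation Vulnerability (CNNVD-200308-197)

Microsoft SQL Server 7, 2000, and MSDE contain a vulnerability. A local user can gain elevated privileges by hijacking a named pipe while another user is authenticating, also known as the "Named Pipe Hijacking" vulnerability.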

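- CVSS (base score)

CVSS score: 7.2 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]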

- CWE (weakness category)

CWE-264 [Permissions, Privileges, and Access Controls]

- CPE (affected platforms and products)

cpe:/a:microsoft:sql_server:2000:sp3 Microsoft SQL Server 2000 Service Pack 3
cpe:/a:microsoft:sql_server:2000::desktop_engine
cpe:/a:microsoft:sql_server:2000:sp1 Microsoft SQL Server 2000 Service Pack 1
cpe:/a:microsoft:sql_server:2000:sp3a Microsoft SQL Server 2000 Service Pack 3a
cpe:/a:microsoft:data_engine:1.0 Microsoft data_engine 1.0
cpe:/a:microsoft:sql_server:7.0:sp4 Microsoft SQL Server 7.0 Service Pack 4
cpe:/a:microsoft:sql_server:7.0:sp1 Microsoft SQL Server 7.0 Service Pack 1
cpe:/a:microsoft:sql_server:2000:sp2 Microsoft SQL Server 2000 Service Pack 2
cpe:/a:microsoft:sql_server:7.0:sp3 Microsoft SQL Server 7.0 Service Pack 3
cpe:/a:microsoft:sql_server:7.0:sp2 Microsoft SQL Server 7.0 Service Pack 2
cpe:/a:microsoft:sql_server:2000 Microsoft SQL Server 2000
cpe:/a:microsoft:sql_server:7.0 Microsoft SQL Server 7.0

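- OVAL (technical details for detection)

oval:org.mitre.oval:def:235 SQL Server Named Pipe Hijacking
* OVAL describes in detail how to detect this vulnerability; further technical detail on detecting it can be found in the related OVAL definition.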

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0230
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0230
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200308-197
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/556356
(UNKNOWN)  CERT-VN  VU#556356
http://www.microsoft.com/technet/security/bulletin/MS03-031.asp
(PATCH)  MS  MS03-031

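- Vulnerability information

Microsoft SQL Server / MSDE Named Pipe Privilege Escalation Vulnerability
High risk  Access validation error
2003-08-27 00:00:00 2007-03-30 00:00:00
Local
Microsoft SQL Server 7, 2000, and MSDE contain a vulnerability. A local user can gain elevated privileges by hijacking a named pipe while another user is authenticating, also known as the "Named Pipe Hijacking" vulnerability.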

- Advisories and patches

The vendor has released a fix to address this issue.

Microsoft SQL Server 2000 SP3
Microsoft SQL Server 2000 Desktop Engine
Microsoft SQL Server 2000 SP3a
Microsoft Data Engine 1.0
Microsoft SQL Server 7.0 SP4

- Vulnerability information

10125
Microsoft SQL Server Named Pipe Hijack Privilege Escalation
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2003-07-03 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Microsoft SQL Server / MSDE Named Pipes Privilege Escalation Vulnerability
Access Validation Error 8276
No Yes
2003-07-23 12:00:00 2009-07-11 10:56:00
This vulnerability was announced by the vendor in a security advisory.

- Affected software versions

Microsoft SQL Server 2000 Desktop Engine
+ Akiva WebBoard 6.1
+ Microsoft Access 2000
+ Microsoft Application Center 2000
+ Microsoft BizTalk Server 2000 Developer Edition
+ Microsoft BizTalk Server 2000 Enterprise Edition
+ Microsoft BizTalk Server 2000 Standard Edition
+ Microsoft BizTalk Server 2002 Developer Edition
+ Microsoft BizTalk Server 2002 Enterprise Edition
+ Microsoft Office 2000
+ Microsoft Project Central Server
+ Microsoft SharePoint Team Services from Microsoft
+ Microsoft Visio 2000 Enterprise Edition
+ Microsoft Visio Enterprise Network Tools
+ Microsoft Visual FoxPro 6.0
+ Microsoft Visual Studio 6.0
+ Microsoft Visual Studio .NET Academic Edition 0
+ Microsoft Visual Studio .NET Enterprise Architect Edition
+ Microsoft Visual Studio .NET Enterprise Developer Edition
+ Microsoft Visual Studio .NET Professional Edition
+ SmartMax Software MailMax 5.0
+ Veritas Software Backup Exec for Windows Servers 9.0
Microsoft SQL Server 2000 SP3a
Microsoft SQL Server 2000 SP3
Microsoft SQL Server 2000 SP2
Microsoft SQL Server 2000 SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
Microsoft SQL Server 2000
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0
Microsoft SQL Server 7.0 SP4
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP3
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP2
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0 SP1
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Microsoft Data Engine (MSDE) 1.0
+ Affymetrix Microarray Suite Software 5.0.1
+ Affymetrix Microarray Suite Software 5.0
+ Altiris Deployment Server 5.5
+ Altiris Deployment Server 5.0.1
+ Centennial UK Ltd Centennial Discovery 4.4
+ Compaq Insight Manager 7.0 SP1
+ Compaq Insight Manager 7.0
+ Gerber Technology WebPDM 3.9
+ McAfee ePolicy Orchestrator 2.5 SP1
+ McAfee ePolicy Orchestrator 2.5
+ McAfee ePolicy Orchestrator 2.0
+ McAfee ePolicy Orchestrator 1.1
+ McAfee ePolicy Orchestrator 1.0
- Microsoft Access 2000
- Microsoft Project Central Server
+ Microsoft SharePoint Team Services from Microsoft
- Microsoft Visual Studio 6.0
+ PowerQuest ControlCenter ST 2.0
+ PPM 2000 Incident Reporting and Investigation Management 5.1
+ Research In Motion Blackberry Enterprise Server 2.0 .0.65
+ Trend Micro Control Manager 2.5
+ Trend Micro Damage Cleanup Server 1.0
+ Vital Processing Services LLC POS-partner 2000 5.0.13
+ Vital Processing Services LLC POS-partner 2000 4.1.11
+ Websense Reporter 6.3.1

- Discussion

Microsoft SQL Server and the Microsoft Data Engine have been reported prone to a privilege escalation vulnerability via named pipes.

It has been reported that a named pipe used to control certain connection attempts to the SQL server is prone to a vulnerability that may provide for the escalation of privileges.

If successful, a local attacker may seize control of the named pipe and thereby inherit the permissions of a user who is attempting to connect to the SQL server.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released a fix to address this issue.

Microsoft SQL Server 2000 SP3
Microsoft Data Engine (MSDE) 1.0
Microsoft SQL Server 2000 Desktop Engine
Microsoft SQL Server 7.0 SP4
Microsoft SQL Server 2000 SP3a

- Related references
