Security hole in SQL Server lets attackers take over
A security flaw in Microsoft Corp.'s SQL Server 7.0 and SQL Server 2000 Gold can allow an attacker to take control of a targeted server, the company said in a security bulletin late Tuesday night. Microsoft issued a patch for the flaw at the same time it released the bulletin.
A hitch in the way database connections are handled by the SQL (Structured Query Language) server could allow an attacker to hijack an administrator's connection, thus gaining administrator privileges, the company said, but added that the vulnerability only exists in servers configured for Mixed Mode authentication, a configuration type Microsoft recommends against, and can only be exploited by users who already have access to the server.
When a user ends a database session with a SQL server, the connection that has just ended is temporarily cached. However, using a special kind of server query, an attacker could exploit this flaw to restart an administrator's connection, thus gaining the administrator's access privileges, according to the bulletin. If this were to occur, the attacker could make any changes to the database, including adding, changing or deleting data, and could run code of the attacker's choice on the server, Microsoft said.
The bug is mitigated, however, due to the necessity that the server be configured for Mixed Mode authentication in order for the flaw to be usable, the company said. Mixed Mode authentication is a process by which the server attempts to authorize a user through Windows methods, but failing that uses SQL. This option is typically used on SQL servers hosted on Windows 95 and 98 systems and the company warns against it, Microsoft said.
Additionally, the bug is mitigated because the attacker would already have to be authorized by the server in order to restart a terminated connection.
The security bulletin and patch can be found at http://www.microsoft.com/technet/security/bulletin/MS01-032.asp
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
