SQL Server 7.0 Bug Fixed
- By Scott Bekker
- December 21, 1999
A security vulnerability in Microsoft SQL Server 7.0 that could cause the
database server to crash has been discovered and remedied.
If a specially malformed TDS packet is sent to a SQL Server, it can cause
the SQL service to crash. The vulnerability would not allow any inappropriate
access to the data on the server, nor would it allow a malicious user to usurp
any administrative control on the machine. An affected machine could be put
back into service by restarting the SQL service. This vulnerability could be
remotely exploited if port 1433 were open at the firewall.
Microsoft SQL Server 7.0 is affected by this vulnerability. The Intel
version of the patch is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16923
and the Alpha version is available at http://www.microsoft.com/Downloads/Release.asp?ReleaseID=16924.
The patch does not locate the SQL folder and install the patched files into it.
The user must copy the three files contained in it to the MSSQL7/BINN folder.
-- Isaac Slepner
Scott Bekker is editor in chief of Redmond Channel Partner magazine.