Microsoft Patches SQL Server Vulnerability
By Scott Bekker
April 18, 2002
A flaw in the way SQL Server handles extended stored procedures makes the database vulnerable to a buffer overflow attack, Microsoft officials said in a security bulletin issued this week.
Microsoft has a patch for the vulnerability, a problem that the company classifies as a moderate risk.
Extended stored procedures are external routines written in a programming language such as C. They appear to users as normal stored procedures and are executed in the same way, according to the bulletin.
Both SQL Server 7.0 and SQL Server 2000 ship with extended stored procedures for helper functions.
A flaw common to several of the extended stored procedures is a failure to perform input validation correctly, making them susceptible to buffer overruns.
Malicious users can exploit the flaw to cause the SQL Server service to fail or to run code in the security context of the SQL Server service.
According to Microsoft, several best practices reduce the potential damage. DBAs are encouraged to run SQL Server in the lowest security context possible, an application of the rule of least privilege that limits the amount of damage an attacker could cause. Also, untrusted users should not be able to load and execute queries of their choice on a database server, and publicly accessible databases should filter inputs prior to processing.
The patch is available at http://www.microsoft.com/technet/security/bulletin/ms02-020.asp.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.