fkie_cve-2002-0721
Vulnerability from fkie_nvd
Published
2002-09-05 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=102950473002959&w=2
cve@mitre.orghttp://marc.info/?l=ntbugtraq&m=102950792606475&w=2
cve@mitre.orghttp://www.kb.cert.org/vuls/id/399531US Government Resource
cve@mitre.orghttp://www.kb.cert.org/vuls/id/818939US Government Resource
cve@mitre.orghttp://www.kb.cert.org/vuls/id/939675US Government Resource
cve@mitre.orghttp://www.ngssoftware.com/advisories/mssql-esppu.txt
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=102950473002959&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=ntbugtraq&m=102950792606475&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/399531US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/818939US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/939675US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.ngssoftware.com/advisories/mssql-esppu.txt
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043
Impacted products
Vendor Product Version
microsoft data_engine 1.0
microsoft data_engine 2000
microsoft sql_server 7.0
microsoft sql_server 7.0
microsoft sql_server 7.0
microsoft sql_server 7.0
microsoft sql_server 7.0
microsoft sql_server 2000
microsoft sql_server 2000
microsoft sql_server 2000


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F455C373-A9F7-47F9-828E-DEE2C8CC6545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:data_engine:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "51ABD323-BF3F-4825-8788-8FCD614E83E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2AB95D7-394E-423B-884C-87A9960682EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4355BA3D-B985-4DC7-AD9D-21B64652CC19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D590A237-1587-4FF2-BEEA-F96B1C08F84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "B004F338-1C8E-4283-8823-1A16A291FCBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "54EB3111-B93A-4577-9592-0D13FE7FD2C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D559EE-727C-405C-987C-247973A84D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4A74EBC1-FD61-4DD1-AC8A-E4B0F333A980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4BC2A389-68BF-45B1-833D-96B331844424",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt."
    },
    {
      "lang": "es",
      "value": "Microsoft SQL Server 7.0 y 2000 se instala con permisos d\u00e9biles para ciertos procedimientos almacenados (stored procedures) extendidos que est\u00e1n asociados con funciones de ayuda, lo que podr\u00eda permitir a usuairos sin privilegios, y posiblemente atacantes remotos, ejecutar procedimentos almacenados con privilegios de administrador."
    }
  ],
  "id": "CVE-2002-0721",
  "lastModified": "2024-11-20T23:39:43.107",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-09-05T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=102950473002959\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=ntbugtraq\u0026m=102950792606475\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/399531"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/818939"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/939675"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ngssoftware.com/advisories/mssql-esppu.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0087.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=102950473002959\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=ntbugtraq\u0026m=102950792606475\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/399531"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/818939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/939675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ngssoftware.com/advisories/mssql-esppu.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-043"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.