Microsoft KB Archive/317979

= FIX: Unchecked Buffer May Occur When You Connect to Remote Data Source =

Article ID: 317979

Article Last Modified on 9/27/2005

-

APPLIES TO


 * Microsoft SQL Server 2000 Standard Edition
 * Microsoft SQL Server 7.0 Standard Edition

-



This article was previously published under Q317979



This article discusses a security or privacy issue that may affect the operation of your computer. The information in this article is provided &quot;as-is&quot; without warranty of any kind. The workaround or hotfix that is described in this article addresses the issue as it is currently understood, but may not protect against any undiscovered variants of this issue. Microsoft recommends that you apply this cumulative patch or implement the workarounds if one is provided.



BUG #: 102359 (SQLBUG_70)

BUG #: 356666 (SHILOH_BUGS)



SYMPTOMS
When you submit a query to a remote data source and the query contains a string longer than what is expected, the buffer could be overwritten. If you submit a query that has a string longer than expected, the query may cause a handled exception of this SQL Server thread, or may allow an attacker to run arbitrary code under the security context in which the SQL Server service is running.



SQL Server 2000
To resolve this problem in SQL Server 2000, use these steps:  Obtain and install SQL Server 2000 Service Pack 2.

For information on how to obtain SQL Server 2000 Service Pack 2, see the following article in the Microsoft Knowledge Base:

290211 INF: How to Obtain the Latest SQL Server 2000 Service Pack

  Apply the hotfix.

The English version of this fix should have the following file attributes or later:   Date          Time         Version       Size        File name -

2/12/2002    11:28 PM     8.00.0578     7269 KB     Sqlservr.exe

NOTE: Due to file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.

To download the hotfix for SQL Server 2000, see the following article in the Microsoft Knowledge Base:

316333 INF: SQL Server 2000 Security Update for Service Pack 2



SQL Server 7.0
To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301511 INF: How to Obtain the Latest SQL Server 7.0 Service Pack

NOTE: The following hotfix was created prior to Microsoft SQL Server 7.0 Service Pack 4.

Hotfix: To resolve this problem in SQL Server 7.0, follow these steps:  Obtain SQL Server 7.0 Service Pack 3. For information about how to obtain SQL Server 7.0 Service Pack 3, see the following article in the Microsoft Knowledge Base:

274799 INF: How to Obtain Service Pack 3 for Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0

  Apply the appropriate hotfix for your platform.

'Intel'

The English version of this fix for the Intel platform should have the following file attributes or later:

<pre class="fixed_text">  Date          Time        Version          Size        File name -

2/18/2002    4:19 PM     7.00.1021.02     4937 KB     Sqlservr.exe NOTE: Because of file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.

'Alpha'

The English version of this fix for the Alpha platform should have the following file attributes or later:

<pre class="fixed_text">  Date          Time        Version          Size        File name -

2/18/2002    4:19 PM     7.00.1021.02     11385 KB     Sqlservr.exe NOTE: Due to file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.

To download the hotfix for SQL Server 7.0 (for either platform), see the following article in the Microsoft Knowledge Base:

318268 INF: SQL Server 7.0 Security Update for Service Pack 3

</li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

SQL Server 7.0

This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 4.

Keywords: kbhotfixserver kbqfe kbbug kbfix kbsqlserv700presp4fix KB317979

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.