Microsoft KB Archive/316426

= INF: SQL Server 2000 Security Update for Service Pack 1 =

Article ID: 316426

Article Last Modified on 8/9/2004

-

APPLIES TO


 * Microsoft SQL Server 2000 Service Pack 1

-



This article was previously published under Q316426



This article discusses a security or privacy issue that may affect the operation of your computer. The information in this article is provided &quot;as-is&quot; without warranty of any kind. The workaround or hotfix that is described in this article addresses the issue as it is currently understood, but may not protect against any undiscovered variants of this issue. Microsoft recommends that you apply this cumulative patch or implement the workaround if one is provided.



SUMMARY
Microsoft now distributes SQL Server security fixes as one download file. Because the security fixes are cumulative, each new release contains all of the security fixes that were included with the previous SQL Server security fix release. This Microsoft Knowledge Base article contains a list of all the security fixes that are available for SQL Server 2000 Service Pack 1 (SP1).



MORE INFORMATION
'SQL Server Security Fixes'

Non-Sysadmin User Can Execute XP_CMDSHELL If SQL Agent Proxy Account Revoked - Released January 29, 2002

After using SQL Server Enterprise Manager to disable the non-sysadmin Job Step Proxy Account:


 * Non-Sysadmin users can still successfully execute the xp_cmdshell command.


 * Jobs that use xp_cmdshell owned by non-sysadmin users, still successfully execute.

Workaround for this Issue

Do not disable the SQL Server Agent Proxy Account in SQL Enterprise Manager. Instead, disable the SQL Server Agent Proxy Account by using the following Transact-SQL batch:

EXECUTE msdb.dbo.sp_set_sqlagent_properties @sysadmin_only = 1 go set noexec off set parseonly off go EXECUTE master.dbo.xp_sqlagent_proxy_account 'DEL' go

SQL Server Text Formatting Functions Contain Unchecked Buffers - Released December 20, 2001

SQL Server 2000 provides a number of functions that enable database queries to generate text messages. In some cases, the functions create a text message and store it in a variable; in others, the functions directly display the message. Microsoft discovered a vulnerability with these functions.

Use of an invalid format type character may allow SQL Server to overwrite an internal buffer that may overwrite an address in the SQL Server process space with arbitrary data. If SQL Server overwrites an address in the SQL Server process space with arbitrary data, SQL Server may potentially allow you to execute arbitrary code within SQL Server or the SQL Server process may abnormally terminate.

'Resolution'

The following file is available for download from the Microsoft Download Center:

8.00.0475.exe

Release Date: JAN-29-2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How To Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

After you install the fix, the file version of Xpstar.dll should be 8.00.475 or later, and the file version of Sqlservr.exe should be 8.00.428 or later.

