Microsoft KB Archive/304851

= FIX: SQL Server Text Formatting Functions Contain Unchecked Buffers =

Article ID: 304851

Article Last Modified on 8/5/2004

-

APPLIES TO


 * Microsoft SQL Server 7.0 Standard Edition

-



This article was previously published under Q304851



BUG #: 101942 (SQLBUG_70)



SYMPTOMS
SQL Server 7.0 provides a number of functions that enable database queries to generate text messages. In some cases, the functions create a text message and store it in a variable; in others, the functions directly display the message. A vulnerability has been discovered with these functions.

Use of an invalid format type character may allow SQL Server to overwrite an internal buffer that may overwrite an address in the SQL Server process space with arbitrary data. If SQL Server overwrites an address in the SQL Server process space with arbitrary data, SQL Server may potentially allow you to execute arbitrary code within SQL Server or the SQL Server process may abnormally terminate.

For additional information about this security fix, refer to the following Web address:

Microsoft Security Bulletin MS01-060



CAUSE
The SQL Server parser incorrectly allows you to use an invalid type character with some text functions.



RESOLUTION
To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

301511 INF: How to Obtain the Latest SQL Server 7.0 Service Pack

NOTE: The following hotfix was created prior to Microsoft SQL Server 7.0 Service Pack 4.

Microsoft recommends that you apply this hotfix to your SQL Server 7.0 installation. SQL Server 7.0 Service Pack 3 is required to apply this fix.

For more information about how to obtain SQL Server 7.0 Service Pack 3, please see the following article in the Microsoft Knowledge Base:

274799 How to Obtain Service Pack 3 for Microsoft SQL Server 7.0

NOTE: SQL Server 7 (7.00.1020), or later, already contains the fix; therefore, you do not need to apply the hotfix if you are using SQL Server 7 (7.00.1020) or later.

Alpha
The following file is available for download from the Microsoft Download Center:

s71020a.exe

Release Date: JAN-24-2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How To Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Intel
The following file is available for download from the Microsoft Download Center:

S71020i.exe

Release Date: JAN-24-2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How To Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

To ensure that you have properly installed the fix, run the following command from Query Analyzer or from OSQL the command prompt:

&quot;SELECT @@VERSION&quot; (without the quotation marks)

Depending on your platform, the result you receive is either:


 * &quot;Microsoft SQL Server 7.00 - 7.00.1020 (Intel X86)&quot; or greater.

-or-
 * &quot;Microsoft SQL Server 7.0 - 7.00.1020 (Alpha)&quot; or greater



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 4.

Keywords: kbdownload kbbug kbfix KB304851

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.