Microsoft KB Archive/821277


Article ID: 821277

Article Last Modified on 1/9/2006



APPLIES TO

  • Microsoft SQL Server 2000 Service Pack 3
  • Microsoft SQL Server 2000 Desktop Engine
  • Microsoft SQL Server 2000 Service Pack 3a
  • Microsoft SQL Server 2000 Desktop Engine



SUMMARY

Microsoft distributes SQL Server 2000 security fixes as one downloadable file. Because the security fixes are cumulative, each new release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2000 security fix release. You do not have to install a previous security patch before you install the latest one.

For additional information about the latest service pack for Microsoft SQL Server 2000, click the following article number to view the article in the Microsoft Knowledge Base:

290211 How to obtain the latest SQL Server 2000 service pack


INTRODUCTION

This Microsoft Knowledge Base article contains a list of all the security fixes that are available for SQL Server 2000 Service Pack 3 (SP3), SQL Server 2000 Service Pack 3a (SP3a), SQL Server 2000 Desktop Engine (MSDE) Service Pack 3 (SP3), and SQL Server 2000 Desktop Engine (MSDE) Service Pack 3a (SP3a).

Important notes

  • This cumulative package does not contain the security fixes that are in Microsoft Data Access Components (MDAC) and Analysis Services.


Here is a list of the vulnerabilities that are resolved by this security patch:

  • Named Pipe Hijacking

When SQL Server starts, it creates and then listens on a specific named pipe for incoming connections to the server. A named pipe is a specifically named one-way or two-way channel for communication between a pipe server and one or more pipe clients. SQL Server checks the named pipe to verify what connections can log on to the system that is running SQL Server to run queries against data that is stored on the server.

A flaw exists in the checking method for the named pipe that might allow an attacker who is local to the system that is running SQL Server to hijack (gain control of) the named pipe when another client uses an authenticated logon password to log on. This would allow the attacker to gain control of the named pipe at the same permission level as the user who is trying to connect. If the user who is trying to connect remotely has a higher level of permissions than the attacker does, the attacker will assume those rights when the named pipe is compromised.

  • Named Pipe Denial of Service

In the same named pipes scenario that is mentioned in the "Named Pipe Hijacking" section of this article, an unauthenticated user who is local to the intranet might be able to send a very large packet to a specific named pipe where the system running SQL Server is listening and cause it to become unresponsive.

This vulnerability does not allow an attacker to run arbitrary code or elevate their permissions; however, a denial of service condition might still exist that requires you to restart the server to restore functionality.

  • SQL Server Buffer Overrun

A flaw exists in a specific Windows function that may allow an authenticated user who has direct access to log on to the system running SQL Server to create a specially crafted packet that, when sent to the listening local procedure call (LPC) port of the system, can cause a buffer overrun. If successfully exploited, this can allow a user who has limited permissions on the system to elevate their permissions to the level of the SQL Server service account, or cause arbitrary code to run.

SQL Server prompts you for a password after you install MS03-031: Cumulative security patch for SQL Server

After you install "MS03-031: Cumulative Security Patch for SQL Server", when you make changes to a standard SQL Server login by using Enterprise Manager, SQL Server prompts you for a password, even if you did not change the password. If you did not change the password, you cannot successfully close the dialog box, regardless of the entry that you use. To resolve or avoid this problem, download and use the fix that is in the following Microsoft Knowledge Base article:

826161 FIX: You are prompted for password confirmation after you change a standard SQL Server login


MORE INFORMATION

Important notes

Read these important notes about the installation of this patch on a computer that is running SQL Server 2000 SP3.

Universal Description, Discovery, and Integration (UDDI) services

If you install this security patch on a computer that is running Microsoft Windows Server 2003, and UDDI Services is installed, you must take one of two actions to restart UDDI Services, depending on your circumstances. The UDDI Services will not resume normal functioning until you do.

  • If no other Web service is in use on the computer that is running Windows Server 2003, you can restart the UDDI Services by restarting Microsoft Internet Information Services (IIS). Restarting IIS is the same as first stopping IIS, and then starting it again, except it is done with a single command. There are two ways to restart IIS:
    • Use the IIS Manager graphical user interface.
    • Use the IISReset command-line utility.
  • If other Web services are in use on the computer that is running Windows Server 2003, you may not want to affect their operation. To restart the UDDI Services, follow these steps:
    1. Start the IIS Manager utility.
    2. Locate the Application Pools folder, and then right-click the MSUDDIAppPool icon.
    3. Click to select the Recycle menu option. Doing so will allow UDDI Services to resume operation without affecting any other Web service on the computer.

An error message occurs when you connect to a Microsoft Windows NT 4.0-based computer by using named pipes

When you connect to a Windows NT 4.0-based computer that is running Microsoft SQL Server 2000 by using named pipes, and that connection is made by a non-admin user, you may receive an error message similar to one of the following:

Message 1

Connection could not be established. SQL Server does not exist

Message 2

Connection could not be established. Access is denied.

To obtain a hotfix to resolve this error message, see the following article in the Microsoft Knowledge Base:

823492 "Connection could not be established" error message when you connect to a Windows NT 4.0-based computer that is running SQL Server 2000 or SQL Server 7.0


Download information

The following file is available for download from the Microsoft Download Center:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9814AE9D-BD44-40C5-ADD3-B8C99618E68D

Release Date: 23 July 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services


Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Prerequisites

This security patch requires SQL Server 2000 Service Pack 3 (SP3) or Service Pack 3a (SP3a). Microsoft recommends SQL Server 2000 Service Pack 3a.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

290211 How to obtain the latest SQL Server 2000 service pack


Note If you have not installed the security patch for Microsoft Security Bulletin MS03-031, download and use the file that is available in the following Microsoft Knowledge Base article:

826161 FIX: You are prompted for password confirmation after you change a standard SQL Server login


Installation information

This security patch supports the following Setup switches.

   Switch        Description
   ----------------------------------------------------------------------------
   /s            Disables the Self Extraction progress dialog box. Must come before the /a switch.
   /a            This parameter must come before all parameters except /s if you are running the hotfix by using the self-extracting EXE, and you want to include parameters for unattended installations. This is a mandatory parameter for the installer to run in the unattended mode.
   /q            This switch causes the Setup program to run in silent mode with no user interface.
   INSTANCENAME  Name of the instance of SQL Server. You must enter it as follows: INSTANCENAME=yourinstancename
   BLANKSAPWD    Means a blank sa password for SQL Authentication. If you enter this parameter on computers that are running Microsoft Windows NT or Microsoft Windows 2000, the default Windows Authentication logon is overridden and it tries to log on with a blank sa password. The correct format for this parameter is BLANKSAPWD=1. This parameter is recognized only for unattended installations.
   SAPWD         Non-blank sa password. If you enter this parameter, it must be in the form of SAPWD=yoursapassword. This parameter overrides the default Windows Authentication on computers that are running Windows NT or Windows 2000, or BLANKSAPWD, if entered.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

330391 SQL Server hotfix installer


Restart requirement

You do not have to restart your computer after you apply this security patch unless the hotfix installer prompts you to.

Removal information

The removal of this patch is not supported unless certain catalogs were backed up before the installation of this security patch. For more information, see the "How to Remove or Rollback the Hotfix" section in the following Microsoft Knowledge Base article:

330391 SQL Server hotfix installer


Security patch replacement information

This security patch does not replace any other SQL Server 2000 Service Pack 3 (SP3) security patches.

File information

The English version of this security patch has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

   Date         Time   Version             Size         File name
   ----------------------------------------------------------------------------
   31-May-2003  18:45  2000.80.818.0      78,400 bytes  Console.exe      
   25-Jun-2003  01:01  2000.80.818.0      33,340 bytes  Dbmslpcn.dll     
   25-Apr-2003  02:12                    786,432 bytes  Distmdl.ldf
   25-Apr-2003  02:12                  2,359,296 bytes  Distmdl.mdf
   30-Jan-2003  01:55                        180 bytes  Drop_repl_hotfix.sql
   07-Apr-2003  19:15  2000.80.801.0   1,557,052 bytes  Dtsui.dll        
   24-Apr-2003  02:51                    747,927 bytes  Instdist.sql
   03-May-2003  01:56                      1,581 bytes  Inst_repl_hotfix.sql
   08-Feb-2003  06:40  2000.80.765.0      90,692 bytes  Msgprox.dll      
   01-Apr-2003  02:07                      1,873 bytes  Odsole.sql
   07-May-2000  07:04                      1,873 bytes  Odsole.sql     
   02-Apr-2003  21:48  2000.80.796.0      57,904 bytes  Osql.exe         
   02-Apr-2003  23:15  2000.80.797.0     279,104 bytes  Pfutil80.dll     
   04-Apr-2003  21:27                  1,083,467 bytes  Replmerg.sql
   04-Apr-2003  21:53  2000.80.798.0     221,768 bytes  Replprov.dll     
   08-Feb-2003  06:40  2000.80.765.0     307,784 bytes  Replrec.dll      
   05-May-2003  00:05                  1,085,874 bytes  Replsys.sql
   31-May-2003  01:01  2000.80.818.0     492,096 bytes  Semobj.dll       
   31-May-2003  18:27  2000.80.818.0     172,032 bytes  Semobj.rll
   29-May-2003  00:29                    115,944 bytes  Sp3_serv_uni.sql
   01-Jun-2003  01:01  2000.80.818.0   4,215,360 bytes  Sqldmo.dll       
   07-Apr-2003  17:44                     25,172 bytes  Sqldumper.exe    
   19-Mar-2003  18:20  2000.80.789.0      28,672 bytes  Sqlevn70.rll
   24-Apr-2003  05:39  2000.80.811.0     176,696 bytes  Sqlmap70.dll     
   08-Feb-2003  06:40  2000.80.765.0      57,920 bytes  Sqlrepss.dll     
   01-Jun-2003  01:02  2000.80.818.0   7,544,916 bytes  Sqlservr.exe     
   01-Jun-2003  01:02                 12,739,584 bytes  Sqlservr.pdb
   08-Feb-2003  06:40  2000.80.765.0      45,644 bytes  Sqlvdi.dll       
   25-Jun-2003  01:01  2000.80.818.0      33,340 bytes  Ssmslpcn.dll     
   01-Jun-2003  01:01  2000.80.818.0      82,492 bytes  Ssnetlib.dll     
   01-Jun-2003  01:01  2000.80.818.0      25,148 bytes  Ssnmpn70.dll     
   01-Jun-2003  01:01  2000.80.818.0     158,240 bytes  Svrnetcn.dll     
   31-May-2003  18:59  2000.80.818.0      76,416 bytes  Svrnetcn.exe     
   30-Apr-2003  23:52  2000.80.816.0      45,132 bytes  Ums.dll          
   30-Apr-2003  23:52                    132,096 bytes  Ums.pdb
   28-Feb-2003  01:34  2000.80.778.0      98,872 bytes  Xpweb70.dll

Verification

To determine what version of SQL Server you are running, use the information that is in the following Microsoft Knowledge Base article:

321185 How to identify your SQL Server service pack version and edition


After you apply this security patch, run one of the following:

SELECT serverproperty('productversion') 


SELECT @@Version

The following should be returned:

8.00.818
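
When the verification query is run across several servers, the returned builds have to be compared numerically rather than as text. The following is an added example, not part of the original article: it classifies collected query output against the 8.00.818 build named above. It assumes that a later build also contains this cumulative fix, and the host names and sample outputs are constructed.

```python
import re

# Build the article says is returned once the patch is applied.
PATCHED_BUILD = (8, 0, 818)

# First dotted three-part number in the output, e.g. "8.00.818".
_BUILD_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_build(text):
    """Return (major, minor, build) as integers, or None if no build is present."""
    match = _BUILD_RE.search(text or "")
    return tuple(int(p) for p in match.groups()) if match else None


def classify(text, minimum=PATCHED_BUILD):
    """Return 'patched', 'missing patch', or 'unknown' for one query result.

    Components are compared as integers. Comparing the raw strings would
    rank "8.00.2039" below "8.00.818" because "2" sorts before "8".
    Output with no build number is 'unknown', never 'patched'.
    """
    build = parse_build(text)
    if build is None:
        return "unknown"
    return "patched" if build >= minimum else "missing patch"


def audit(results):
    """Classify a {host: query_output} mapping collected from several servers."""
    return {host: classify(output) for host, output in results.items()}


# Constructed sample results (hypothetical host names and outputs).
SAMPLE_RESULTS = {
    "sql-a": "8.00.818",
    "sql-b": "Microsoft SQL Server  2000 - 8.00.760 (Intel X86)",
    "sql-c": "8.00.2039",
    "sql-d": "Login failed for user 'audit'.",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_RESULTS).items()):
        print(f"{host}: {status}")
```

Servers reported as unknown need the query rerun; an unreadable result is not evidence that the patch is installed.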


REFERENCES

For additional information about this security patch, see the following Microsoft Security Bulletin:

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

