Microsoft SQL Server 7.0/2000 Local Procedure Call privileges management
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.8 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic has been found in Microsoft SQL Server 7.0/2000. This impacts an unknown function of the component Local Procedure Call Handler. Performing a manipulation results in privileges management. This vulnerability was named CVE-2003-0232. The attack needs to be approached locally. In addition, an exploit is available. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability was found in Microsoft SQL Server 7.0/2000 (Database Software). It has been classified as problematic. This affects some unknown processing of the component Local Procedure Call Handler. The manipulation with an unknown input leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
The weakness was presented 07/23/2003 by Andreas Junstream with @stake as confirmed advisory (CERT.org). The advisory is shared at kb.cert.org. This vulnerability is uniquely identified as CVE-2003-0232 since 04/30/2003. The exploitability is told to be easy. An attack has to be approached locally. No form of authentication is needed for exploitation. Technical details are unknown but a public exploit is available. MITRE ATT&CK project uses the attack technique T1068 for this issue.
The exploit is shared for download at exploit-db.com. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 11804 (MS03-031: Cumulative Patch for MS SQL Server (815495)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 90086 (Microsoft SQL Server Multiple Vulnerabilities (MS03-031)).
Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (12703), Exploit-DB (65), Tenable (11804), SecurityFocus (BID 8275†) and OSVDB (10123†). See VDB-197, VDB-198 and VDB-20732 for similar entries. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 4.8
VulDB Base Score: 5.3
VulDB Temp Score: 4.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Privileges managementCWE: CWE-269 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 11804
Nessus Name: MS03-031: Cumulative Patch for MS SQL Server (815495)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
04/30/2003 🔍07/23/2003 🔍
07/23/2003 🔍
07/23/2003 🔍
07/23/2003 🔍
07/24/2003 🔍
08/27/2003 🔍
10/19/2003 🔍
04/09/2004 🔍
08/14/2014 🔍
12/31/2024 🔍
Sources
Vendor: microsoft.comAdvisory: kb.cert.org
Researcher: Andreas Junstream
Organization: @stake
Status: Confirmed
CVE: CVE-2003-0232 (🔍)
GCVE (CVE): GCVE-0-2003-0232
GCVE (VulDB): GCVE-100-20733
OVAL: 🔍
CERT: 🔍
X-Force: 12703
SecurityFocus: 8275 - Microsoft SQL Server LPC Port Request Buffer Overflow Vulnerability
OSVDB: 10123 - Microsoft SQL Server LPC Packet Handling Local Overflow
Vulnerability Center: 2553 - [MS03-031] Buffer Overflow on Microsoft SQL Server LPC, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 08/15/2014 00:18Updated: 12/31/2024 03:33
Changes: 08/15/2014 00:18 (68), 05/16/2019 09:26 (13), 12/31/2024 03:33 (16)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.