CVE

Id
5015  
CVE No.
CVE-2002-0624  
Status
Candidate  
Description
Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."  
Phase
Modified (20061101)  
Votes
ACCEPT(5) Armstrong, Baker, Cole, Foat, Wall | MODIFY(1) Frech | NOOP(2) Christey, Cox  
Comments
Christey> BUGTRAQ:20020614 Microsoft SQL Server 2000 pwdencrypt() buffer overflow | URL:http://online.securityfocus.com/archive/1/276953 | XF:mssql-pwdencrypt-bo(9345) | URL:http://www.iss.net/security_center/static/9345.php | BID:5014 | URL:http://online.securityfocus.com/bid/5014 | Christey> CERT:CA-2002-22 | CERT-VN:VU#225555 | Frech> XF:mssql-pwdencrypt-bo(9345)  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
25948 5015 CVE-2002-0624 MS:MS02-034  View
25949 5015 CVE-2002-0624 URL:http://www.microsoft.com/technet/security/bulletin/ms02-034.asp  View
25950 5015 CVE-2002-0624 CERT:CA-2002-22  View
25951 5015 CVE-2002-0624 URL:http://www.cert.org/advisories/CA-2002-22.html  View
25952 5015 CVE-2002-0624 OVAL:oval:org.mitre.oval:def:291  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63804 JVNDB-2002-000131 Microsoft SQL Server の pwdencrypt() 関数におけるバッファオーバーフローの脆弱性 Microsof SQL Server (MSDE 2000 を含む) の pwdencrypt() 関数には、引数として渡される文字列長のチェックが不適切であるため、非常に長い文字列を送信する事により、バッファオーバーフローが発生する脆弱性が存在します。 CVE-2002-0624 5015 7.5 http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000131.html  View