ID CVE-2002-0642
Summary The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:msde:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:msde:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 12-10-2018 - 21:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
oval via4
accepted 2014-06-23T04:00:06.418-04:00
class vulnerability
contributors
  • name Tiffany Bergeron
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Jerome Athias
    organization McAfee, Inc.
description The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
family windows
id oval:org.mitre.oval:def:1025
status accepted
submitted 2004-06-15T12:00:00.000-04:00
title Incorrect Permission on SQL Server Service Account Registry Key
version 6
refmap via4
bid 5205
cert CA-2002-22
cert-vn VU#796313
xf mssql-registry-insecure-permissions(9523)
Last major update 12-10-2018 - 21:31
Published 23-07-2002 - 04:00
Last modified 12-10-2018 - 21:31
Back to Top