ID CVE-2003-0231
Summary Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
References
Vulnerable Configurations
  • Microsoft data_engine 1.0
    cpe:2.3:a:microsoft:data_engine:1.0
  • Microsoft SQLServer 7.0
    cpe:2.3:a:microsoft:sql_server:7.0
  • Microsoft SQL Server 7.0 Service Pack 1
    cpe:2.3:a:microsoft:sql_server:7.0:sp1
  • Microsoft SQL Server 7.0 Service Pack 2
    cpe:2.3:a:microsoft:sql_server:7.0:sp2
  • Microsoft SQL Server 7.0 Service Pack 3
    cpe:2.3:a:microsoft:sql_server:7.0:sp3
  • Microsoft SQL Server 7.0 Service Pack 4
    cpe:2.3:a:microsoft:sql_server:7.0:sp4
  • Microsoft SQL Server 2000
    cpe:2.3:a:microsoft:sql_server:2000
  • cpe:2.3:a:microsoft:sql_server:2000:-:desktop_engine
    cpe:2.3:a:microsoft:sql_server:2000:-:desktop_engine
  • Microsoft SQLServer 2000 Service Pack 1
    cpe:2.3:a:microsoft:sql_server:2000:sp1
  • Microsoft SQLServer 2000 Service Pack 2
    cpe:2.3:a:microsoft:sql_server:2000:sp2
  • Microsoft SQLServer 2000 Service Pack 3
    cpe:2.3:a:microsoft:sql_server:2000:sp3
  • Microsoft SQLServer 2000 Service Pack 3a
    cpe:2.3:a:microsoft:sql_server:2000:sp3a
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
exploit-db via4
description Microsoft SQL Server 7.0/2000,MSDE Named Pipe Denial Of Service Vulnerability. CVE-2003-0231. Dos exploit for windows platform
id EDB-ID:22957
last seen 2016-02-02
modified 2003-07-23
published 2003-07-23
reporter refdom
source https://www.exploit-db.com/download/22957/
title Microsoft SQL Server 7.0/2000,MSDE Named Pipe Denial of Service Vulnerability
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS03-031.NASL
description The remote Microsoft SQL server is vulnerable to several flaws : - Named pipe hijacking - Named Pipe Denial of Service - SQL server buffer overrun These flaws could allow a user to gain elevated privileges on this host.
last seen 2019-02-21
modified 2018-11-15
plugin id 11804
published 2003-07-24
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=11804
title MS03-031: Cumulative Patch for MS SQL Server (815495)
oval via4
accepted 2014-06-23T04:07:46.560-04:00
class vulnerability
contributors
  • name Yi-Fang Koh
    organization The MITRE Corporation
  • name Jonathan Baker
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Ingrid Skoog
    organization The MITRE Corporation
  • name Christine Walzer
    organization The MITRE Corporation
  • name Christine Walzer
    organization The MITRE Corporation
  • name Christine Walzer
    organization The MITRE Corporation
  • name Matthew Wojcik
    organization The MITRE Corporation
  • name Matthew Wojcik
    organization The MITRE Corporation
  • name Matthew Wojcik
    organization The MITRE Corporation
  • name Matthew Wojcik
    organization The MITRE Corporation
  • name Jerome Athias
    organization McAfee, Inc.
description Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
family windows
id oval:org.mitre.oval:def:299
status accepted
submitted 2003-10-10T12:00:00.000-04:00
title SQL Server Named Pipe Denial of Service
version 68
refmap via4
atstake A072303-2
cert-vn VU#918652
ms MS03-031
Last major update 10-09-2008 - 15:18
Published 27-08-2003 - 00:00
Last modified 12-10-2018 - 17:32
Back to Top