Article ID: 304851 - Last Review: August 5, 2004 - Revision: 3.2

FIX: SQL Server Text Formatting Functions Contain Unchecked Buffers

View products that this article applies to.
This article was previously published under Q304851
BUG #: 101942 (SQLBUG_70)
Expand all | Collapse all

SYMPTOMS

SQL Server 7.0 provides a number of functions that enable database queries to generate text messages. In some cases, the functions create a text message and store it in a variable; in others, the functions directly display the message. A vulnerability has been discovered with these functions.

Use of an invalid format type character may allow SQL Server to overwrite an internal buffer that may overwrite an address in the SQL Server process space with arbitrary data. If SQL Server overwrites an address in the SQL Server process space with arbitrary data, SQL Server may potentially allow you to execute arbitrary code within SQL Server or the SQL Server process may abnormally terminate.

For additional information about this security fix, refer to the following Web address:

Microsoft Security Bulletin MS01-060 (http://www.microsoft.com/technet/security/bulletin/MS01-060.mspx)
Back to the top

CAUSE

The SQL Server parser incorrectly allows you to use an invalid type character with some text functions.
Back to the top

RESOLUTION

To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
301511  (http://support.microsoft.com/kb/301511/EN-US/ ) INF: How to Obtain the Latest SQL Server 7.0 Service Pack
NOTE: The following hotfix was created prior to Microsoft SQL Server 7.0 Service Pack 4.

Microsoft recommends that you apply this hotfix to your SQL Server 7.0 installation. SQL Server 7.0 Service Pack 3 is required to apply this fix.

For more information about how to obtain SQL Server 7.0 Service Pack 3, please see the following article in the Microsoft Knowledge Base:
274799  (http://support.microsoft.com/kb/274799/EN-US/ ) How to Obtain Service Pack 3 for Microsoft SQL Server 7.0

NOTE: SQL Server 7 (7.00.1020), or later, already contains the fix; therefore, you do not need to apply the hotfix if you are using SQL Server 7 (7.00.1020) or later.

The following file is available for download from the Microsoft Download Center:
SQL70-KB815495-v7.00.1094-ENU.exe (http://www.microsoft.com/downloads/details.aspx?familyid=FE5B0892-A5C9-44C2-9B42-0D291E9C1636&displaylang=en)
Release Date: JAN-24-2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://support.microsoft.com/kb/119591/EN-US/ ) How To Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
To ensure that you have properly installed the fix, run the following command from Query Analyzer or from OSQL the command prompt:

"SELECT @@VERSION" (without the quotation marks)


Depending on your platform, the result you receive is either:

  • "Microsoft SQL Server 7.00 - 7.00.1020 (Intel X86)" or greater.

    -or-
  • "Microsoft SQL Server 7.0 - 7.00.1020 (Alpha)" or greater
Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 4.
Back to the top
APPLIES TO
  • Microsoft SQL Server 7.0 Standard Edition
Back to the top
Keywords: 
kbdownload kbbug kbfix KB304851
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers