Article ID: 317979 - Last Review: September 27, 2005 - Revision: 3.2

FIX: Unchecked Buffer May Occur When You Connect to Remote Data Source

View products that this article applies to.
This article was previously published under Q317979
This article discusses a security or privacy issue that may affect the operation of your computer. The information in this article is provided "as-is" without warranty of any kind. The workaround or hotfix that is described in this article addresses the issue as it is currently understood, but may not protect against any undiscovered variants of this issue. Microsoft recommends that you apply this cumulative patch or implement the workarounds if one is provided.
BUG #: 102359 (SQLBUG_70)
BUG #: 356666 (SHILOH_BUGS)

On This Page

Expand all | Collapse all

SYMPTOMS

When you submit a query to a remote data source and the query contains a string longer than what is expected, the buffer could be overwritten. If you submit a query that has a string longer than expected, the query may cause a handled exception of this SQL Server thread, or may allow an attacker to run arbitrary code under the security context in which the SQL Server service is running.
Back to the top

RESOLUTION

SQL Server 2000

To resolve this problem in SQL Server 2000, use these steps:
  1. Obtain and install SQL Server 2000 Service Pack 2.

    For information on how to obtain SQL Server 2000 Service Pack 2, see the following article in the Microsoft Knowledge Base:
    290211  (http://support.microsoft.com/kb/290211/EN-US/ ) INF: How to Obtain the Latest SQL Server 2000 Service Pack
  2. Apply the hotfix.

    The English version of this fix should have the following file attributes or later: 
       Date          Time         Version       Size        File name
   -----------------------------------------------------------------

   2/12/2002     11:28 PM     8.00.0578     7269 KB     Sqlservr.exe
    NOTE: Due to file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.
    To download the hotfix for SQL Server 2000, see the following article in the Microsoft Knowledge Base:
    316333  (http://support.microsoft.com/kb/316333/EN-US/ ) INF: SQL Server 2000 Security Update for Service Pack 2

Back to the top

SQL Server 7.0

To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
301511  (http://support.microsoft.com/kb/301511/EN-US/ ) INF: How to Obtain the Latest SQL Server 7.0 Service Pack
NOTE: The following hotfix was created prior to Microsoft SQL Server 7.0 Service Pack 4.

Hotfix: To resolve this problem in SQL Server 7.0, follow these steps:
  1. Obtain SQL Server 7.0 Service Pack 3. For information about how to obtain SQL Server 7.0 Service Pack 3, see the following article in the Microsoft Knowledge Base:

    274799  (http://support.microsoft.com/kb/274799/EN-US/ ) INF: How to Obtain Service Pack 3 for Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0
  2. Apply the appropriate hotfix for your platform.

    Intel

    The English version of this fix for the Intel platform should have the following file attributes or later:
       Date          Time        Version          Size        File name
   ---------------------------------------------------------------------

   2/18/2002     4:19 PM     7.00.1021.02     4937 KB     Sqlservr.exe
    NOTE: Because of file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.


    Alpha

    The English version of this fix for the Alpha platform should have the following file attributes or later: 
       Date          Time        Version          Size        File name
   ---------------------------------------------------------------------

   2/18/2002     4:19 PM     7.00.1021.02     11385 KB     Sqlservr.exe
    NOTE: Due to file dependencies, the most recent hotfix or feature that contains the preceding files may also contain additional files.


    To download the hotfix for SQL Server 7.0 (for either platform), see the following article in the Microsoft Knowledge Base:
    318268  (http://support.microsoft.com/kb/318268/EN-US/ ) INF: SQL Server 7.0 Security Update for Service Pack 3

Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

SQL Server 7.0
This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 4.
Back to the top
APPLIES TO
  • Microsoft SQL Server 2000 Standard Edition
  • Microsoft SQL Server 7.0 Standard Edition
Back to the top
Keywords: 
kbhotfixserver kbqfe kbbug kbfix kbsqlserv700presp4fix KB317979
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers