Article ID: 299717 - Last Review: August 9, 2004 - Revision: 5.5

FIX: Query Method Used to Access Data May Allow Rights that the Login Might Not Normally Have

View products that this article applies to.
This article was previously published under Q299717
BUG #: 101692 (SQLBUG_70)
BUG #: 354039 (SHILOH_BUGS)

On This Page

Expand all | Collapse all

SYMPTOMS

Logins that use the SQL Server Authentication (Standard) security mode with a particular query method used to access data from an OLE-DB data source may allow rights that the login might not normally have.
Back to the top

RESOLUTION

SQL Server 2000

To resolve this problem, obtain the latest service pack for SQL Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
290211  (http://support.microsoft.com/kb/290211/EN-US/ ) INF: How to Obtain the Latest SQL Server 2000 Service Pack

If you are running SQL Server 2000 without any Service Packs, the individual hotfix is available from the Microsoft Download Center:
Collapse this imageExpand this image
Download SQL Server 2000 patch (s80296i.exe) now (http://download.microsoft.com/download/sqlsvr2000/patch/s80296i/win98/en-us/s80296i.exe)
The s80296i.exe file contains the following files: 
   File name      Size         Date
   -------------------------------------
   Sqlservr.exe   7,458,877    5/22/2001
   Sqlservr.pdb   12,510,208   5/22/2001
   Readme.txt     4,205        5/22/2001
Release Date: MAY-25-2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://support.microsoft.com/kb/119591/EN-US/ ) How To Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Back to the top

SQL Server 7.0

To resolve this problem, obtain the latest service pack for Microsoft SQL Server 7.0. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
301511  (http://support.microsoft.com/kb/301511/EN-US/ ) INF: How to Obtain the Latest SQL Server 7.0 Service Pack
NOTE: The following hotfix was created prior to Microsoft SQL Server 7.0 Service Pack 4.

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that you determine are at risk of attack. Evaluate your computer's physical accessibility, network and Internet connectivity, and other factors to determine the degree of risk to your computer. See the associated Microsoft Security Bulletin (http://www.microsoft.com/technet/security/bulletin/MS01-032.mspx) to help determine the degree of risk. This fix may receive additional testing. If your computer is sufficiently at risk, Microsoft recommends that you apply this fix now. Otherwise, wait for the next SQL Server 7.0 service pack that contains this fix.

To resolve this problem immediately, download the fix by following the instructions later in this article or contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS (http://support.microsoft.com/default.aspx?scid=fh;en-us;cntactms)
NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The following files are available for download from the Microsoft Download Center:
Intel (x86):
Collapse this imageExpand this image
Download Intel SQL Server 7.0 patch (s70996i.exe) now (http://download.microsoft.com/download/sql70/patch/s70996i/win98/en-us/s70996i.exe)

Alpha:
Collapse this imageExpand this image
Download Alpha SQL Server 7.0 patch (s70996a.exe) now (http://download.microsoft.com/download/sql70/patch/s70996a/win98/en-us/s70996a.exe)
The s70996i.exe (Intel x86) file contains the following files: 
   File name      Size        Date
   ------------------------------------
   Sqlservr.exe   5,054,736   5/23/2001
   Sqlservr.dbg   4,359,392   5/23/2001
   Sqlservr.pdb   3,580,928   5/23/2001
   Sqlsort.dll    586,000     1/14/2001
   Readme.txt     4,890       5/23/2001
The s70996a.exe (Alpha) file contains the following files: 
   File name      Size        Date
   ------------------------------------
   Sqlservr.exe   11,664,656  5/23/2001
   Sqlservr.dbg   13,463,184  5/23/2001
   Sqlservr.pdb   5,686,272   5/23/2001
   Sqlsort.dll    593,169     1/14/2001
   Readme.txt     4,874       5/31/2001

Release Date: MAY-25-2001

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591  (http://support.microsoft.com/kb/119591/EN-US/ ) How To Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Back to the top

WORKAROUND

This workaround should only be used if you cannot upgrade to SQL Server 7.0 Service Pack 3 and are using versions prior to that. For additional information on SP3, click the article number below to view the article in the Microsoft Knowledge Base:
274799  (http://support.microsoft.com/kb/274799/EN-US/ ) INF: How to Obtain Service Pack 3 for Microsoft SQL Server 7.0
If you are not using replication or do not use or intend to use ad hoc named queries, then you can use the Enterprise Manager (as outlined in the steps that follow) to set an option that nullifies this issue:
  1. In Enterprise Manager, click the Security tab under the SQL Server instance.
  2. Right-click the Linked Servers to open the General properties tab.
  3. Click Provider Options.
  4. Select the Disallow Ad Hoc Queries check box.
The preceding steps effectively remove the ability to perform adhoc named queries.
Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

SQL Server 2000
This problem was first corrected in SQL Server 2000 Service Pack 1.

SQL Server 7.0
This problem was first corrected in Microsoft SQL Server 7.0 Service Pack 4.
Back to the top

MORE INFORMATION

For more information about this vulnerability, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS01-032.mspx (http://www.microsoft.com/technet/security/bulletin/MS01-032.mspx)
Back to the top

Steps to Install the Fix

To install the fix, use these steps:
  1. Download the appropriate Microsoft SQL Server fix (s70996i.exe for SQL Server 7.0 running on Intel x86 servers, s70996a.exe for SQL Server 7.0 running on Alpha servers and s80296i.exe for SQL Server 2000) by clicking the link to the file shown in the "Resolution" section.
  2. Extract the fix in the downloaded file by running the self-extracting executable file from a Intel based processor computer.
  3. Follow the instructions in the Readme.txt file that is included with the downloaded file.
Back to the top
APPLIES TO
  • Microsoft SQL Server 2000 Standard Edition
  • Microsoft SQL Server 7.0 Standard Edition
Back to the top
Keywords: 
kbdownload kbdownload kbbug kbfix kbsqlserv2000sp1fix KB299717
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

 

Related Support Centers