|
|
Info |
Last Modified |
| 6 months ago |
|
|
|
|
Description |
Multiple SQL Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to insecure configuration settings of the TCP/IP Listener, which may allow a remote attacker to query the server for sensitive information resulting in a loss of confidentiality.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure
Impact:
Loss of Confidentiality
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
|
|
Technical |
SQL Server accepting TCP/IP connections uses Listeners. A Listener opens one or several listener sockets, each socket accepting TCP/IP connections directed to a specified port number and, optionally, to the specified local IP address. The Listener settings allow the Server administrator to specify the type of connections to accept (regular, cleartext connections or secure connections), and the optional remote address restrictions, which should be configured to allow only access to authenticated users.
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Restrict connections only to authenticated users.
|
|
Products |
|
SQL Server
 |
All Versions |
|
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
