Info

Disclosure

Jun 07, 1999

Discovery

Unknown

Dates

Exploit

Jun 07, 1999

Solution

Unknown

Description

Multiple SQL Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to insecure configuration settings of the TCP/IP Listener, which may allow a remote attacker to query the server for sensitive information resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Restrict connections only to authenticated users.

Products

All Vendors

SQL Server

All Versions

References

ISS X-Force ID: 1289 1461 2211 2388
CVE ID: 1999-0652 (see also: NVD)
Microsoft Knowledge Base Article: 246261
Vendor URL: http://www.hughes.com.au/
http://www.microsoft.com/sql/default.mspx
http://www.mysql.com/
http://www.oracle.com/database/index.html
http://www.sybase.com/home

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218