ID de Prueba:	1.3.6.1.4.1.25623.1.0.11217
Categoría:	Databases
Título:	Microsoft SQL (MSSQL) Server 6, 7, 2000 Multiple Vulnerabilities
Resumen:	The plugin attempts a smb connection to read version from the; registry key 'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion' to determine the version; of Microsoft SQL and the Service Pack the host is running.
Descripción:	Summary: The plugin attempts a smb connection to read version from the registry key 'SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion' to determine the version of Microsoft SQL and the Service Pack the host is running. Vulnerability Impact: Some versions may allow remote access, denial of service attacks, and the ability of a hacker to run code of their choice. Solution: Apply current service packs and hotfixes. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2000-0202 BugTraq ID: 1041 http://www.securityfocus.com/bid/1041 Microsoft Security Bulletin: MS00-014 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-014 Common Vulnerability Exposure (CVE) ID: CVE-2000-0485 BugTraq ID: 1292 http://www.securityfocus.com/bid/1292 Bugtraq: 20000530 Fw: Steal Passwords Using SQL Server EM (Google Search) http://www.securityfocus.com/archive/1/62771 Microsoft Security Bulletin: MS00-041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-041 XForce ISS Database: mssql-dts-reveal-passwords(4582) https://exchange.xforce.ibmcloud.com/vulnerabilities/4582 Common Vulnerability Exposure (CVE) ID: CVE-2000-0603 BugTraq ID: 1444 http://www.securityfocus.com/bid/1444 Microsoft Security Bulletin: MS00-048 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-048 XForce ISS Database: mssql-procedure-perms(4921) https://exchange.xforce.ibmcloud.com/vulnerabilities/4921 Common Vulnerability Exposure (CVE) ID: CVE-2000-1081 @stake Security Advisory: 20001201 Microsoft SQL Server extended stored procedure vulnerability http://marc.info/?l=bugtraq&m=97570878710037&w=2 BugTraq ID: 2030 http://www.securityfocus.com/bid/2030 Microsoft Security Bulletin: MS00-092 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A231 Common Vulnerability Exposure (CVE) ID: CVE-2000-1082 BugTraq ID: 2031 http://www.securityfocus.com/bid/2031 Common Vulnerability Exposure (CVE) ID: CVE-2000-1083 BugTraq ID: 2038 http://www.securityfocus.com/bid/2038 Common Vulnerability Exposure (CVE) ID: CVE-2000-1084 BugTraq ID: 2039 http://www.securityfocus.com/bid/2039 Common Vulnerability Exposure (CVE) ID: CVE-2000-1085 @stake Security Advisory: 20001201 SQL Server 2000 Extended Stored Procedure Vulnerability http://marc.info/?l=bugtraq&m=97570884410184&w=2 BugTraq ID: 2040 http://www.securityfocus.com/bid/2040 Common Vulnerability Exposure (CVE) ID: CVE-2000-1086 BugTraq ID: 2041 http://www.securityfocus.com/bid/2041 Common Vulnerability Exposure (CVE) ID: CVE-2000-1087 BugTraq ID: 2042 http://www.securityfocus.com/bid/2042 Common Vulnerability Exposure (CVE) ID: CVE-2000-1088 BugTraq ID: 2043 http://www.securityfocus.com/bid/2043 Common Vulnerability Exposure (CVE) ID: CVE-2001-0344 Computer Incident Advisory Center Bulletin: L-095 http://www.ciac.org/ciac/bulletins/l-095.shtml Microsoft Security Bulletin: MS01-032 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-032 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A71 XForce ISS Database: mssql-cached-connection-access(6684) https://exchange.xforce.ibmcloud.com/vulnerabilities/6684 Common Vulnerability Exposure (CVE) ID: CVE-2001-0509 Microsoft Security Bulletin: MS01-041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A82 Common Vulnerability Exposure (CVE) ID: CVE-2001-0542 @stake Security Advisory: A122001-1 http://www.atstake.com/research/advisories/2001/a122001-1.txt BugTraq ID: 3733 http://www.securityfocus.com/bid/3733 Bugtraq: 20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server (Google Search) http://marc.info/?l=bugtraq&m=100891252317406&w=2 CERT/CC vulnerability note: VU#700575 http://www.kb.cert.org/vuls/id/700575 Microsoft Security Bulletin: MS01-060 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A83 XForce ISS Database: mssql-text-message-bo(7724) https://exchange.xforce.ibmcloud.com/vulnerabilities/7724 Common Vulnerability Exposure (CVE) ID: CVE-2001-0879 BugTraq ID: 3732 http://www.securityfocus.com/bid/3732 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A253 XForce ISS Database: mssql-c-runtime-format-string(7725) https://exchange.xforce.ibmcloud.com/vulnerabilities/7725 Common Vulnerability Exposure (CVE) ID: CVE-2002-0056 BugTraq ID: 4135 http://www.securityfocus.com/bid/4135 Bugtraq: 20020219 MSDE, Sql Server 7 & 2000 Adhoc Heterogenous Queries Buffer Overflow and DOS (Google Search) http://marc.info/?l=bugtraq&m=101422555428036&w=2 CERT/CC vulnerability note: VU#619707 http://www.kb.cert.org/vuls/id/619707 Microsoft Security Bulletin: MS02-007 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A271 http://marc.info/?l=vuln-dev&m=101413924631329&w=2 Common Vulnerability Exposure (CVE) ID: CVE-2002-0154 Bugtraq: 20020305 Another Sql Server 7 Buffer Overflow (Google Search) http://marc.info/?l=bugtraq&m=101535353331625&w=2 Bugtraq: 20020312 Many, many, many Sql Server 7 & 2000 Buffer Overflows (Google Search) http://www.securityfocus.com/archive/1/261775 http://www.cert.org/advisories/CA-2002-22.html CERT/CC vulnerability note: VU#627275 http://www.kb.cert.org/vuls/id/627275 Microsoft Security Bulletin: MS02-020 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-020 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A121 Common Vulnerability Exposure (CVE) ID: CVE-2002-0624 Microsoft Security Bulletin: MS02-034 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A291 Common Vulnerability Exposure (CVE) ID: CVE-2002-0641 BugTraq ID: 4847 http://www.securityfocus.com/bid/4847 Bugtraq: 20020711 Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) (Google Search) http://marc.info/?l=bugtraq&m=102639885223746&w=2 CERT/CC vulnerability note: VU#682620 http://www.kb.cert.org/vuls/id/682620 http://www.ngssoftware.com/advisories/ms-sqlbi.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A316 Common Vulnerability Exposure (CVE) ID: CVE-2002-0642 BugTraq ID: 5205 http://www.securityfocus.com/bid/5205 CERT/CC vulnerability note: VU#796313 http://www.kb.cert.org/vuls/id/796313 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1025 http://www.iss.net/security_center/static/9523.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0982 Bugtraq: 20020822 Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A) (Google Search) http://marc.info/?l=bugtraq&m=103004505027360&w=2
Copyright	Copyright (C) 2006 John Lampe

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.