Microsoft SQL Server < 7 Local Privilege Escalation

This script is Copyright (C) 2003-2016 Tenable Network Security, Inc.


Synopsis :

The remote SQL Server is affected by a local privilege escalation
vulnerability.

Description :

Based on its version number, the remote host may be vulnerable to a
local exploit wherein an authenticated user can obtain and crack SQL
usernames and passwords from the registry.

An attacker may use this flaw to elevate their privileges on the local
database.

*** This alert might be a false positive, as Nessus did not actually
*** check for this flaw but relied solely on the presence of Microsoft
*** SQL 7 to issue this alert.

See also :

http://www.iss.net/threats/advise45.html

Solution :

Ensure that the configuration has enabled Always prompting for login
name and password.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.1
(CVSS2#E:U/RL:U/RC:C)

Family: Databases

Nessus Plugin ID: 11870 ()

Bugtraq ID: 1055

CVE ID: CVE-2000-0199

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial