Microsoft SQL Server < 7 Local Privilege Escalation

high Nessus Plugin ID 11870

Synopsis

The remote SQL Server is affected by a local privilege escalation vulnerability.

Description

Based on its version number, the remote host may be vulnerable to a local exploit wherein an authenticated user can obtain and crack SQL usernames and passwords from the registry.

An attacker may use this flaw to elevate their privileges on the local database.

*** This alert might be a false positive, as Nessus did not actually
*** check for this flaw but relied solely on the presence of Microsoft
*** SQL 7 to issue this alert.

Solution

Ensure that the configuration has enabled Always prompting for login name and password.

See Also

http://www.nessus.org/u?3ed99acb

Plugin Details

Severity: High

ID: 11870

File Name: mssql_lte_7.nasl

Version: 1.23

Type: local

Agent: windows

Family: Databases

Published: 10/8/2003

Updated: 4/11/2022

Supported Sensors: Nessus Agent

Risk Information

CVSS Score Source: CVE-2000-0199

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: mssql/installed

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 3/14/2000

Reference Information

CVE: CVE-2000-0199

BID: 1055