Author Archive

Microsoft Issues Two SQL Server Updates

June 11, 2002

Two new Microsoft security bulletins today: MS02-034 is a cumulative patch for SQL Server 2000 which fixes three new vulnerabilities as well as all those from earlier updates. Two of these new holes are buffer overruns that can result in remote system compromise; however, only certain server configurations are at risk. SQL Server 7.0 is […]

Remote Overflow in iPlanet Web Server

June 9, 2002

A buffer overflow has been discovered in the search component of Sun’s iPlanet Web Server, which is not activated by default. The unchecked buffer handles the NS-rel-doc-name parameter; remote system compromise is possible. See the advisory for more information. The hole was reported to Sun back in April, but they didn’t patch it till now. […]

Flaws Found In MS SQL Server Password Hashes

June 9, 2002

Dave Litchfield at Next Generation Security Software has released an interesting whitepaper, Microsoft SQL Server Passwords: Cracking the password hashes. It analyzes the pwdencrypt() function, which produces a hash of users’ passwords for storage in the system database. The problem is that the salt used to generate the hash is insecurely time dependent, and based […]
