denolth2
07-15-02, 12:29 PM
Taken from Lockergnome:
SQL Server Install Leaves Passwords Behind
http://www.microsoft.com/technet/security/bulletin/MS02-035.asp
During the installation of SQL Server 7.0 or 2000, various bits of configuration information are stored in a setup.iss file, including account passwords that have been captured in order to configure the services. Prior to certain service packs, these passwords are stored as clear text, which is problematic because the file is left on the hard drive after the installation process is completed. Peruse the details of the bulletin to be sure you've cleaned up any relevant bits and pieces applicable to your environment.
SQL Server Cumulative Patch
http://www.microsoft.com/technet/security/bulletin/MS02-034.asp
A new roll-up patch is available for SQL Server that takes care of all previous security issues, plus a trio of new items. Two buffer overrun vulnerabilities exist that could allow an attacker to gain control over the server, and a different privilege elevation flaw can be exploited due to improper permissions within the registry. All three are spackled over by the latest cumulative patch described further in this bulletin.
:p den2
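A check for the leftover setup.iss problem described in the first item, added here as an example and not taken from the post, Lockergnome or the Microsoft bulletin: it walks a directory tree for setup.iss files and reports password-like keys that still hold a non-empty value, without ever returning the value itself. The section and key names in the sample are constructed placeholders, and matching keys on "pwd"/"password" is an assumption about how such fields are named.

```python
import re
from pathlib import Path

# Assumption: credential-bearing keys contain "pwd" or "password".
KEY_HINT = re.compile(r"(pwd|password)", re.IGNORECASE)
# key=value line; lines starting with ';' (comments) or '[' never match.
LINE = re.compile(r"^\s*([^=;\[\]\s][^=]*?)\s*=\s*(.*?)\s*$")

def find_password_entries(text):
    """Return (section, key) pairs for password-like keys with a non-empty
    value. Values are deliberately never returned or logged."""
    hits, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = LINE.match(line)
        if m and KEY_HINT.search(m.group(1)) and m.group(2):
            hits.append((section, m.group(1)))
    return hits

def scan_tree(root):
    """Walk root for files named setup.iss (any case) and map each file
    that still holds credential fields to its (section, key) findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.name.lower() == "setup.iss":
            text = path.read_text(encoding="latin-1", errors="replace")
            hits = find_password_entries(text)
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample: section and key names are placeholders, not the
# real file layout.
SAMPLE = """\
[ExampleServices-0]
ExampleLocalDomain=1
ExampleSvcPwd=constructed-value-1
ExampleAgentPassword=
; ExampleOldPwd=commented-out
[ExampleLogin-0]
ExampleSaPwd=constructed-value-2
"""

if __name__ == "__main__":
    for section, key in find_password_entries(SAMPLE):
        print(f"non-empty credential field: [{section}] {key}")
```

Any file this reports should be handled as the bulletin directs, and the accounts whose passwords it held are candidates for a password change.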