Insecure File Permissions in Microsoft SQL Server 2000 and MSDE 1.0
CVE-2002-0643

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Data Engine
Vendor: CVE Published:; 23 July 2002

What is CVE-2002-0643?

The installation process of Microsoft SQL Server 2000 and Microsoft Data Engine 1.0 (MSDE 1.0) results in the creation of setup.iss files with insecure permissions. These files, which contain sensitive information including weakly encrypted passwords, are not deleted post-installation. Consequently, local users may exploit this vulnerability to access sensitive data, potentially leading to unauthorized privileges.

References

http://marc.info/?l=bugtraq&m=102640092826731&w=2

mailing-listx_refsource_BUGTRAQ

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://marc.info/?l=vuln-dev&m=102640394131103&w=2

mailing-listx_refsource_VULN-DEV

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2002
Vulnerability Reserved
Jun 28, 2002