Insecure File Permissions in Microsoft SQL Server 2000 and MSDE 1.0
CVE-2002-0643

Currently unrated

Key Information:

Vendor
Microsoft
Status
Sql Server
Data Engine
Vendor
CVE Published:
23 July 2002

Summary

The installation process of Microsoft SQL Server 2000 and Microsoft Data Engine 1.0 (MSDE 1.0) results in the creation of setup.iss files with insecure permissions. These files, which contain sensitive information including weakly encrypted passwords, are not deleted post-installation. Consequently, local users may exploit this vulnerability to access sensitive data, potentially leading to unauthorized privileges.

References

http://marc.info/?l=bugtraq&m=102640092826731&w=2
mailing-listx_refsource_BUGTRAQ
https://docs.microsoft.com/en-us/security-updates/securit...
vendor-advisoryx_refsource_MS
http://marc.info/?l=vuln-dev&m=102640394131103&w=2
mailing-listx_refsource_VULN-DEV

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2002-0643 : Insecure File Permissions in Microsoft SQL Server 2000 and MSDE 1.0 | SecurityVulnerability.io