QwikSec

Security Database

CVE

CWE

Training

CVE-2002-1981

Published: Jun 28, 2005

Modified: Sep 16, 2024

PUBLISHED

Description

Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

mssql-sp-public-access(10012)

vdb-entry

x_refsource_XF

http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt

x_refsource_MISC

20020902 Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.