CVE-2001-0344 - An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database

CVE-2001-0344

Summary

An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2000:gold:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2000:gold:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 12-10-2018 - 21:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

oval via4

accepted

2005-04-27T12:07:00.000-04:00

class

vulnerability

contributors

name Yi-Fang Koh
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation

description

An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.

family

windows

oval:org.mitre.oval:def:71

status

accepted

submitted

2003-06-24T12:00:00.000-04:00

title

Privilege Escalation Using Cached Admin Connection

version

refmap via4

ciac	L-095
xf	mssql-cached-connection-access(6684)

Last major update

12-10-2018 - 21:30

Published

21-07-2001 - 04:00

Last modified

12-10-2018 - 21:30