Exterminator: New vulnerabilities plague SQL Server 7.0

Are you running SQL 7.0? There's a new Exterminator in town, and he's discovered some tidbits you might be interested in. You'll also find information on new Novell updates.

There’s a new Exterminator in town!
TechRepublic's Ed Engelking brings you his insight on bug fixes, virus recovery, service release announcements, and security notices for Windows, Novell, and other systems.

Vulnerability in Microsoft SQL Server 7.0
 
Regarding: Microsoft SQL Server 7.0
Date posted: March 14, 2000
Information URL: Click here to visit the Web site

According to an alert posted on the XForce Web site, there is a hole in the Microsoft SQL Server 7.0 encryption step used to store the administrative login ID. The vulnerability, reported by Internet Security Systems, is caused by a weak encryption value stored in the Windows registry. For more information, visit the XForce Web site by using the information URL above.

Microsoft Security Bulletin (MS00-014)
 
Regarding: Microsoft SQL Server 7.0 and Microsoft Data Engine 1.0
Date posted by Microsoft: March 8, 2000
Patch URL: Click here to get the patch

Microsoft recently released a patch for its SQL Server 7.0 and Microsoft Data Engine 1.0. The patch eliminates a vulnerability that could allow the remote author of a SQL query to take actions on a SQL Server or MSDE database without authorization. For more information, visit Microsoft’s Web site.

Microsoft Security Bulletin (MS00-008)
 
Regarding: Microsoft NT 4.0
Date posted by Microsoft: March 9, 2000
Patch URL: Intel – Click here to get the patch
Patch URL: Alpha – Click here to get the patch

Microsoft recently released a tool that sets tighter permissions on three sets of registry values in NT 4.0. The original permissions could allow a user to gain privileges on a machine that they are able to log on to interactively. This bug does not affect Windows 2000. For more information, visit Microsoft’s Web site.

Novell update
 
Regarding: NetWare Administrator 5.19
Date posted: March 14, 2000
Patch URL: Click here to get the patch

Novell has recently updated its NetWare Administrator program. This patch addresses a problem that occurs when NWAdmin runs out of Thread Local Storage (TLS) handles because of the number of DLL snap-ins it loads. The symptoms occur on workstations that load NWADMN32.EXE from a server with multiple products installed, which in turn use snap-ins to NWADMN32. Symptoms include the messages “C++ Runtime Error” or “dll is missing or corrupt” when loading NWADMN32. For more information, visit the Novell Web site.

Novell update
 
Regarding: ManageWise—Virus Signature 9.31 Update
Date posted: March 13, 2000
Patch URL: Click here to get the patch (NT Only)

Novell released a virus signature update and service pack for its InocuLAN version 4.0 for both Windows NT and 9x. The patch may be used for either ManageWise 2.5 or 2.6. For more information, visit the Novell Web site.

Virus Update: KALI virus doesn’t need to be cured
 
Regarding: KALI, a.k.a. Let’s Watch TV
Date posted: March 8, 2000
Status of virus: Hoax
Risk: Low

Network Associates released a statement on March 8, 2000, describing the KALI virus as a hoax. Also known as “Let’s Watch TV,” the hoax is sent in e-mail by concerned users who may be tricked into believing there is such a virus. This e-mail hoax is not related to the existing known virus named “Kali-4.” For more information, visit the Network Associates Web site.

Ed Engelking is co-owner of UCANweb.com. He’s also a regular TechRepublic contributor.

