Vulnerability Description
The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS), (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Compaq | Insight Manager | 7.0 |
| Compaq | Insight Manager Xe | 1.1 |
| Microsoft | Data Engine | 1.0 |
| Microsoft | Msde | 2000 |
References
- http://marc.info/?l=bugtraq&m=96333895000350&w=2
- http://marc.info/?l=bugtraq&m=96593218804850&w=2
- http://marc.info/?l=bugtraq&m=96644570412692&w=2
- http://online.securityfocus.com/archive/1/273639
- http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ313418
- http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3Bq321081
- http://www.iss.net/security_center/static/1459.php (Patch, Vendor Advisory)
- http://www.kb.cert.org/vuls/id/635463 (Patch, Third Party Advisory, US Government Resource)
- http://www.microsoft.com/security/security_bulletins/ms02020_sql.asp
- http://www.osvdb.org/3570
- http://www.securityfocus.com/bid/4797
FAQ
What is CVE-2000-1209?
CVE-2000-1209 is a vulnerability with a CVSS score of 10.0 (HIGH). The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products ...
How severe is CVE-2000-1209?
CVE-2000-1209 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2000-1209?
Check the references section above for vendor advisories and patch information. Affected products include: Compaq Insight Manager, Compaq Insight Manager Xe, Microsoft Data Engine, Microsoft Msde.