Vigilante Information for VU#484891

Microsoft SQL Server 2000 contains stack buffer overflow in SQL Server Resolution Service



Vendor Statement

SecureScan NX

SecureScan NX ships with MSDE. In order to protect existing installations, we urge all customers to update to MSDE SP3. SecureScan NX is fully supported on MSDE SP3.

A FAQ item has been posted on our website on how to update:

VIGILANTe now ships a new version of SecureScan NX setup program that installs MSDE SP3 and is not affected by this vulnerability.

SecureScan SP

SecureScan SP does not ship with MSDE. However, SecureScan SP needs access to an MS SQL Server for proper installation. SecureScan SP users need to make sure their SQL Servers are not affected by this vulnerability. SecureScan SP is fully supported on MS SQL Server SP 3.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.