SQL server running

nt-sql-server (1289)

Low Risk

Description:

An SQL server has been detected running. This information is gathered from querying the server information, and can be restricted to authenticated users by setting the RestrictAnonymous registry key.

Platforms Affected:

• Microsoft, SQL Server
• Microsoft, Windows 2000
• Microsoft, Windows 2003 Server
• Microsoft, Windows NT 4.0
• Microsoft, Windows XP

Remedy:

To restrict anonymous connections in Windows NT:

CAUTION: Use Registry Editor at your own risk. Any change using Registry Editor may cause severe and irreparable damage and may require you to reinstall your operating system. Internet Security Systems cannot guarantee that problems caused by the use of Registry Editor can be solved.

1. If you have not already done so, apply the latest Windows NT 4.0 Service Pack (SP4 or later), available from the Windows NT Service Packs Web page. See References.
2. Open Registry Editor. From the Windows NT Start menu, select Run, type regedt32, and click OK.
3. Go to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA key.
4. From the Edit menu, select Add Value to display the Add Value dialog box.
5. In the Value Name field, type RestrictAnonymous.
6. Select REG_DWORD as the Data Type.
7. Click OK to display the DWORD Editor.
8. In the Data field, type 1. (Ignore the Radix setting.)
9. Click OK. Registry Editor adds the key to the registry.
10. Reboot the system to apply the changes.

Note: Changing the Registry entries is only effective after Windows NT 4.0 Service Pack 3 or later has been applied.

Consequences:

Informational

References:

• Microsoft Knowledge Base Article 246261, RestrictAnonymous Access Enabled Lets Anonymous Connections Obtain the Password Policy at http://support.microsoft.com/default.aspx?scid=kb;[LN];246261.
• Microsoft Product Support Services, Windows NT Service Packs at http://www.microsoft.com/ntserver/downloads.
• Microsoft Product Support Services, Knowledge Base Search at http://search.support.microsoft.com/kb/c.asp?fr=0&SD=GN&LN=EN-US.
• CVE-1999-0652: A database service is running, e.g. a SQL server, Oracle, or mySQL.

Reported:

Not available

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page