CVE-2002-1981

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server versions 2000 through 2000 SP2

Description The issue allows the "public" role to execute certain stored procedures, which enables attackers to modify configuration settings. This includes SQL server startup and alert settings through the execution of the (1) sp MSSetServerProperties or (2) sp MSsetalertinfo stored procedures.

Recommendations For Microsoft SQL Server versions 2000 through 2000 SP2, restrict access to the sp MSSetServerProperties and sp MSsetalertinfo stored procedures to prevent unauthorized configuration changes.