Cisco Unity 3.x and 4.0 Are Vulnerable to W32.Slammer Worm

Document ID: 40206

Updated: Apr 09, 2006

Introduction

This document describes the Cisco Unity 3.x and 4.0 vulnerability to the W32.Slammer worm. All Cisco Unity 3.x and 4.0 systems use either Microsoft MSDE 2000 or Microsoft SQL Server 2000. Both Microsoft Desktop Engine (MSDE) and Structured Query Language (SQL) Server 2000 are affected by the W32.Slammer worm, so all Cisco Unity 3.x and 4.0 systems are potentially at risk for infection by this worm.

Note: When you install MSDE Service Pack 3 or SQL Server 2000 Service Pack 3 as described in this document, you will have also upgraded MDAC to version 2.7 Service Pack 1.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on Cisco Unity 3.x and 4.0 (Unity 2.x does not use SQL or MSDE).

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Protection Issues

Some Cisco Unity systems are already protected from the worm:

  • Cisco Unity 4.0 systems that were installed according to the instructions in the “Customizing the Cisco Unity Platform” chapter in the Cisco Unity 4.0 Installation Guide already have the patch installed.

  • Microsoft Security Bulletin MS02-061 was released with a patch that protects systems against the W32.Slammer worm. If the patch has already been installed on the Cisco Unity server, the server is now protected. For more information, refer to Microsoft Security Bulletin MS02-061.

To determine whether the Cisco Unity server is already protected from the worm, you must verify the version of the ssnetlib.dll file that is on your system:

  1. Right-click Start and choose Search.

  2. Click the Look In drop-down list and select the drive on which you have installed SQL.

  3. In the Search for files or folders named field, enter the file name ssnetlib.dll.

  4. When the file appears in the right side of the search window, right-click the file name and choose Properties.

  5. Click the Version tab.

  6. In the Item Name list, click Product Version.

  7. If Product Version is:

    • Earlier than 8.00.0636, then the server is vulnerable to the W32.Slammer worm. Download and install Service Pack 3.

    • Later than 8.00.0636, then Service Pack 2 and the Microsoft Security Bulletin MS02-061 patch have both been installed, so the server is not vulnerable to the W32.Slammer worm. You do not need to do anything more, though you may install Service Pack 3.

    If necessary, you can use Windows Terminal Services to install the service pack or patch.
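The manual check above covers one file at a time. The following PowerShell sketch is an added example, not part of the original Cisco document and not Cisco or Microsoft code. It finds every copy of ssnetlib.dll on local fixed drives (extra copies exist when a third-party application has installed its own MSDE instance) and compares each Product Version with the 8.00.0636 threshold given in step 7. The function name Get-SlammerStatus and the status strings are hypothetical, and the script assumes it runs locally with administrator rights on a host that has PowerShell 3.0 or later.

```powershell
# Added example: inventory ssnetlib.dll copies and classify them against the
# 8.00.0636 Product Version threshold stated in this document.
$Threshold = [version]'8.00.0636'          # parses as 8.0.636

function Get-SlammerStatus {
    param([string]$ProductVersion)
    # Take the leading dotted-number part; ignore any trailing text.
    if ($ProductVersion -match '^\s*(\d+(\.\d+){1,3})') {
        $v = [version]$Matches[1]
        # SQL Server 2000 / MSDE 2000 files carry major version 8; anything
        # else is not what this document describes, so do not classify it.
        if ($v.Major -ne 8) { return 'UNKNOWN: unexpected major version, check manually' }
        # Compare major.minor.build only, matching the three-part threshold.
        $v3 = [version]('{0}.{1}.{2}' -f $v.Major, $v.Minor, [Math]::Max($v.Build, 0))
        if ($v3 -lt $Threshold) { return 'VULNERABLE: install Service Pack 3' }
        if ($v3 -gt $Threshold) { return 'Not vulnerable (later than 8.00.0636)' }
        return 'Exactly 8.00.0636: not covered by the document, verify manually'
    }
    return 'UNKNOWN: no readable Product Version'
}

# Search fixed, ready drives only (skips CD-ROM and mapped network drives).
[System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady } |
    ForEach-Object {
        Get-ChildItem -Path $_.RootDirectory.FullName -Filter 'ssnetlib.dll' `
            -Recurse -File -ErrorAction SilentlyContinue
    } |
    ForEach-Object {
        [pscustomobject]@{
            Path           = $_.FullName
            ProductVersion = $_.VersionInfo.ProductVersion
            Status         = Get-SlammerStatus $_.VersionInfo.ProductVersion
        }
    } |
    Format-Table -AutoSize -Wrap
```

Any row reported as VULNERABLE under a directory that does not belong to the Cisco Unity data store points to an additional MSDE instance that needs its own fix.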

Determining Whether MSDE or SQL Server 2000 is Installed

Complete these steps to determine whether the Cisco Unity server is using MSDE or SQL Server 2000:

  1. Choose Start > Run.

  2. In the Open field, type cmd to open a command prompt window.

  3. Type osql -E and press Enter to begin an OSQL session.

  4. Type select @@version and press Enter.

  5. Type go and press Enter.

  6. The text that appears after the copyright information indicates which software is installed:

    • Desktop Engine on Windows NT indicates that MSDE is installed.

    • Standard Edition on Windows NT indicates that SQL Server 2000 is installed.

Alternatively, you can perform this procedure:

  1. Choose Start > Programs > Microsoft SQL Server > Enterprise Manager.

  2. On the left pane, expand the Console Root > Microsoft SQL Servers > SQL Server Group > your server name.

  3. Right-click your server name and choose Properties.

  4. On the General tab, you will see Product:

    • SQL Server Desktop Engine indicates that MSDE is installed.

    • SQL Server Standard Edition indicates that SQL Server 2000 is installed.

Downloading Service Pack 3 for MSDE or SQL Server 2000

Complete these steps to download Service Pack 3 for MSDE or SQL Server 2000:

  1. Go to the download page on the Microsoft website for SQL Server 2000 Service Pack 3a.

  2. Download the appropriate file:

    • MSDE—Download the file SQL2KDeskSP3.exe.

    • SQL Server 2000—Download the file sql2ksp3.exe.

  3. If you are installing Service Pack 3 on both Cisco Unity servers in a failover configuration, copy the file to both servers.

  4. Perform one of the following procedures, depending on whether MSDE or SQL Server 2000 is installed on the Cisco Unity server, and depending on whether failover is configured.

Installing Service Pack 3 for MSDE

Complete these steps to install Service Pack 3 for MSDE:

Note: If the error message Instance Name is Invalid appears while you are performing this task, see the Troubleshooting section.

  1. Insert the Cisco Unity Data Store compact disc in the CD-ROM drive on the Cisco Unity server.

    This is required by the service pack installation program.

  2. In Windows Explorer, double-click SQL2KDeskSP3.exe to extract the MSDE Service Pack 3 installation files.

    Note: This does not install MSDE Service Pack 3; it only extracts the files that are required to install the service pack.

  3. Specify a location for the Service Pack 3 files (for example, C:\Temp).

  4. Choose Start > Run.

  5. In the Open field, type cmd to open a command prompt window.

  6. Type cd \commserver to change the directory to the CommServer directory.

  7. Type kill -f av*.* and press Enter.

  8. Close the command prompt window.

  9. Browse to the directory into which you extracted the files.

  10. Browse to the MSDE directory.

  11. Double-click Setup.exe.

    Note: You might see an error message that states that SQL Setup has found services running that are using files it needs to replace. If so, you will have to stop the services manually, with the Services Management Console, before you can continue the upgrade.

  12. When the installation is finished, the MSDE Service Pack 3 installation program prompts you to restart the server to complete the installation. Shut down and restart the Cisco Unity server.

  13. If the installation fails, see the Troubleshooting section.

Installing SQL Server 2000 Service Pack 3 without Failover

Complete these steps to install SQL Server 2000 Service Pack 3 without failover:

Note: If you encounter any problems while performing this task, see the Troubleshooting section.

  1. Insert the Cisco Unity Data Store compact disc in the CD-ROM drive on the Cisco Unity server.

    This is required by the service pack installation program.

  2. In Windows Explorer, double-click sql2ksp3.exe to extract the SQL Server 2000 Service Pack 3 installation files.

    Note: This does not install SQL Server 2000 Service Pack 3; it only extracts the files that are required to install the service pack.

  3. Specify a location for the Service Pack 3 files (for example, C:\Temp).

  4. Choose Start > Run.

  5. In the Open field, type cmd to open a command prompt window.

  6. Type cd \commserver to change the directory to the CommServer directory.

  7. Type kill -f av*.* and press Enter.

  8. Close the command prompt window.

  9. Browse to the directory into which you extracted the files.

  10. Browse to the x86\Setup directory.

  11. Double-click Setupsql.exe.

    Note: You might see an error message that states that SQL Setup has found services running that are using files it needs to replace. If so, you will have to stop the services manually, with the Services Management Console, before you can continue the upgrade.

  12. Follow the on-screen prompts to install the service pack. Do not check the Enable Cross-Database Ownership Chaining For All Databases (Not Recommended) checkbox.

  13. When the installation is finished, shut down and restart the Cisco Unity server.

  14. If the installation fails, see the Troubleshooting section.

Installing SQL Server 2000 Service Pack 3 with Failover

Complete these steps to install SQL Server 2000 Service Pack 3 with failover:

Note: If you encounter any problems while performing this task, see the Troubleshooting section.

  1. On the primary Cisco Unity server, insert the Cisco Unity Data Store compact disc in the CD-ROM drive.

    This is required by the service pack installation program.

  2. In Windows Explorer, double-click sql2ksp3.exe to extract the SQL Server 2000 Service Pack 3 installation files.

    Note: This does not install SQL Server 2000 Service Pack 3; it only extracts the files that are required to install the service pack.

  3. Specify a location for the Service Pack 3 files (for example, C:\Temp).

  4. Fail over to the secondary server.

  5. Choose Start > Run on the primary server.

  6. In the Open field, type cmd to open a command prompt window.

  7. Type cd \commserver to change the directory to the CommServer directory.

  8. Type kill -f av*.* and press Enter.

  9. Close the command prompt window.

  10. Browse to the directory into which you extracted the files.

  11. Browse to the x86\Setup directory.

  12. Double-click Setupsql.exe.

    Note: You might see an error message that states that SQL Setup has found services running that are using files it needs to replace. If so, you will have to stop the services manually, with the Services Management Console, before you can continue the upgrade.

  13. Follow the on-screen prompts to install the service pack. Do not check the Enable Cross-Database Ownership Chaining For All Databases (Not Recommended) checkbox.

    If the installation fails, see the Troubleshooting section.

  14. Delete the service pack installation files.

  15. Restart the primary server.

  16. Fail back to the primary server.

  17. On the secondary Cisco Unity server, insert the Cisco Unity Data Store compact disc in the CD-ROM drive.

  18. In Windows Explorer, double-click sql2ksp3.exe to extract the SQL Server 2000 Service Pack 3 installation files.

  19. Specify a location for the Service Pack 3 files (for example, C:\Temp).

  20. Choose Start > Run on the secondary server.

  21. In the Open field, type cmd to open a command prompt window.

  22. Type cd \commserver to change the directory to the CommServer directory.

  23. Type kill -f av*.* and press Enter.

  24. Close the command prompt window.

  25. Browse to the directory into which you extracted the files.

  26. Browse to the x86\Setup directory.

  27. Double-click Setupsql.exe.

    Note: You might see an error message that states that SQL Setup has found services running that are using files it needs to replace. If so, you will have to stop the services manually, with the Services Management Console, before you can continue the upgrade.

  28. Follow the on-screen prompts to install the service pack. Do not check the Enable Cross-Database Ownership Chaining For All Databases (Not Recommended) checkbox.

    If the installation fails, see the Troubleshooting section.

  29. Delete the service pack installation files.

  30. Restart the secondary server.

Detecting and Patching Additional Instances of MSDE on the Cisco Unity Server

Some third-party applications that may be installed on the Cisco Unity server (Veritas Backup Exec, Dell OpenManage IT Assistant, Hewlett-Packard Insight Manager, Hewlett-Packard OpenView) automatically install additional instances of MSDE. For a detailed list, refer to SQL Server/MSDE-Based Applications.

Microsoft recommends that you contact the manufacturer of each application for information on how to upgrade MSDE to Service Pack 3, for that application. In the meantime, though, you can apply a patch that detects all additional instances of MSDE on the Cisco Unity server and patches them to protect them from the W32.Slammer worm.

To determine whether any additional instances of MSDE appear on the Cisco Unity server and patch them automatically, perform this procedure:

  1. Go to the download page on the Microsoft website for SQL Server 2000 Security Tools.

  2. Download the SQL Critical Update, SQLHotfixPkg_ENU.exe (or another language version, if appropriate).

    Note: The language of the Critical Update that you download and install must match the language of the MSDE instances that you are fixing.

    For more information, refer to the readme_SQLHotfixPkg.txt file, available in the same location.

  3. Choose Start > Run on the secondary server.

  4. In the Open field, type cmd to open a command prompt window.

  5. Type cd \commserver to change the directory to the CommServer directory.

  6. Type kill -f av*.* and press Enter.

  7. Close the command prompt window.

  8. On the Cisco Unity server, in Windows Explorer, browse to the location of the file SQLHotfixPkg_ENU.exe and double-click it.

  9. SQL Critical Update does not indicate when the installation is complete. Check for a log file in the C:\Windows\SQLHotfix directory to verify that the update is installed.

Troubleshooting

“Instance name is invalid” Error (MSDE Only)

If you are installing MSDE Service Pack 3 and you see the error Instance name is invalid, perform this procedure:

  1. Browse to the folder into which you extracted the MSDE service pack files.

  2. Browse to the MSDE directory.

  3. Right-click the Setup.exe file and choose Create Shortcut.

  4. Right-click the shortcut to Setup.exe and choose Properties.

  5. In the Target field add /upgradesp sqlrun blanksapwd=1 after setup.exe.

    For example, if you extracted the files to C:\Temp, then the string will be c:\temp\sql2ksp3\MSDE\setup.exe /upgradesp sqlrun blanksapwd=1.

  6. Click OK.

  7. Double-click the shortcut to Setup.exe to run the upgrade.

Installation Hangs at Validating User or MDAC Installation (SQL Server 2000 Only)

Start the MSSQLSERVER service as a “single-user mode” session and re-run the service pack installation:

  1. Stop all SQL services.

  2. Choose Start > Run on the secondary server.

  3. In the Open field, type cmd to open a command prompt window.

  4. Change to the directory where sqlservr.exe is installed.

  5. Issue the sqlservr -m command.

  6. Re-run setupsql.exe.

Installation Fails to Validate Current User (SQL Server 2000 Only)

Verify that all Cisco Unity services are stopped, including the Cisco Unity icon in the Windows task bar. You can stop all Unity services with this procedure:

  1. Choose Start > Run.

  2. In the Open field, type cmd to open a command prompt window.

  3. Type cd \commserver to change the directory to the CommServer directory.

  4. Type kill -f av*.* and press Enter.

  5. Close the command prompt window.
