SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Database)  >   Microsoft SQL Server Vendors:   Microsoft
Microsoft SQL Server Heap Overflow Lets Remote Authenticated Users Execute Arbitrary Code
SecurityTracker Alert ID:  1021490
SecurityTracker URL:  http://securitytracker.com/id/1021490
CVE Reference:   CVE-2008-5416   (Links to External Site)
Updated:  Dec 30 2008
Original Entry Date:  Dec 22 2008
Impact:   Execution of arbitrary code via network, User access via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2000 SP4, 2005 SP2, 2005 Express Edition, MSDE 2000
Description:   A vulnerability was reported in Microsoft SQL Server. A remote authenticated user can execute arbitrary code on the target system.

A remote authenticated user can send specially crafted data to trigger a heap overflow in the 'sp_replwritetovarbin' MSSQL extended stored procedure and execute arbitrary code on the target system. The code will run with the privileges of the target service.

Exploit code is publicly available.

Microsoft SQL Server 2000 Desktop Engine (MSDE) is affected.

Windows Internal Database (WYukon) is affected.

Microsoft SQL Server versions 7.0 SP4, 2005 SP3, and 2008 are not affected.

[Editor's note: The same vulnerability was reported on December 9, 2008 by SEC Consult. See CVE-2008-5416, Alert ID 1021363. This Alert will be merged with the previous Alert and then this Alert will be deleted from our database.]

Impact:   A remote authenticated user can execute arbitrary code on the target system.
Solution:   No solution was available at the time of this entry.

Some workarounds are described in the vendor's advisory. The workarounds reportedly prevent code execution via the publicly available exploit code.

As a workaround, Microsoft has made available a script to Enterprise and Business Users that denies "public" execute permissions on the sp_replwritetovarbin procedures for all affected versions.

Additional information about the vulnerability is available on the Microsoft Security Vulnerability Research & Defense blog at:

http://blogs.technet.com/swi/archive/2008/12/22/more-information-about-the-sql-stored-procedure-vulnerability.aspx

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/advisory/961040.mspx

Vendor URL:  www.microsoft.com/technet/security/advisory/961040.mspx (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC