Microsoft SQL Server Sp_replwritetovarbin() BOF Vulnerability Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS09-004.

Impact

Successful exploitation could result in heap based buffer overflow via specially crafted arguments passed to the affected application. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx

Insight

The flaw is due to a boundary error in the implementation of the function sp_replwritetovarbin() SQL procedure.

Affected

Microsoft SQL Server 2000 and 2005 on Windows.

References

http://securitytracker.com/alerts/2008/Dec/1021363.html
http://www.microsoft.com/technet/security/advisory/961040.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx
http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt
http://www.securityfocus.com/archive/1/archive/1/499042/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5416
CVSS Base Score: 9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

cfengine AuthenticationDialogue vulnerability
Adobe Digital Edition Denial of Service Vulnerability (Windows)
Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Linux)
CUPS Multiple Vulnerabilities - Oct08
Adobe Digital Edition Denial of Service Vulnerability (Mac OS X)

Microsoft SQL Server sp_replwritetovarbin() BOF Vulnerability

Take action and discover your vulnerabilities