Microsoft SQL Server fails to properly validate parameters to the sp_replwritetovarbin extended stored procedure
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/JVNTR-2008-09.html
JVNRSS based Status Tracking Notes: A vulnerability in the Microsoft SQL Server sp_replwritetovarbin extended stored procedure could allow an authenticated attacker to execute arbitrary code on an affected server.
JVNRSS Feasibility Study Team
jvn@jvn.jp
JVNTR-2008-09
2009-02-14T02:51+00:00
2008-12-28T09:09+00:00
2009-02-14T02:51+00:00

Vulnerability in SQL Server Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/961040.mspx?jvntrev=1
SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability (MS09-004, CVE-2008-5416)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-004 to address this issue.
Microsoft
Microsoft Security Advisory (961040)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5416
http://www.us-cert.gov/cas/techalerts/TA09-041A.html
http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx
2009-02-10T13:51-08:00
2009-02-10T13:51-08:00
2009-02-10T13:51-08:00

ThreatCON (2) => (1)
https://tms.symantec.com/
Microsoft released Security Advisory 961040 to acknowledge a vulnerability affecting SQL Server that was originally disclosed on December 9, 2008. Users are advised to review the advisory and apply the suggested workaround.
Symantec
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4270
http://www.microsoft.com/technet/security/advisory/961040.mspx
2008-12-23T22:50+00:00
2008-12-23T22:50+00:00
2008-12-23T22:50+00:00

MS ACK's Vulnerability in SQL Server which Could Allow Remote Code Execution
http://isc.sans.org/diary.html?storyid=5545
According to published reports, the vulnerability was reported to Microsoft in April and "a fix for this vulnerability has been completed", but there's no patch release date mentioned at this time. Exploit code is available.
SANS Internet Storm Center
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4270
http://www.microsoft.com/technet/security/advisory/961040.mspx
2008-12-23T14:13+00:00
2008-12-23T14:13+00:00
2008-12-23T14:13+00:00

Microsoft Releases Security Advisory (961040)
http://www.us-cert.gov/current/archive/2008/12/23/archive.html#microsoft_releases_security_advisory_961040
US-CERT Current Activity
Microsoft has released Security Advisory 961040 to address reports of attacks against a new vulnerability in Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine, Microsoft SQL Server 2000 Desktop Engine, and Windows Internal Database.
US-CERT
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4270
http://www.microsoft.com/technet/security/advisory/961040.mspx
2008-12-23T08:29-04:00
2008-12-23T08:29-04:00
2008-12-23T08:29-04:00

Vulnerability in SQL Server Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/961040.mspx
Advisory published.
Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon).
Microsoft
Microsoft Security Advisory (961040)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4270
2008-12-22T22:59-08:00
2008-12-22T22:59-08:00
2008-12-22T22:59-08:00

Tuesday 12/23 Update: Microsoft Security Advisory 961040
http://blogs.technet.com/msrc/archive/2008/12/22/microsoft-security-advisory-961040.aspx
In the advisory we provide a workaround to help customers protect themselves from attackers trying to exploit this vulnerability.
Microsoft Security Response Center Blog
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4270
http://www.microsoft.com/technet/security/advisory/961040.mspx
2008-12-23T04:51
2008-12-23T04:51
2008-12-23T04:51

Microsoft Security Advisory 961040
http://blogs.technet.com/msrc/archive/2008/12/22/microsoft-security-advisory-961040.aspx
This advisory contains information regarding public reports of a vulnerability in SQL Server that could allow for remote code execution. We are aware that exploit code has been published on the Internet; however, we are not aware of any attacks attempting to use the reported vulnerability.
Microsoft Security Response Center Blog
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4270
http://www.microsoft.com/technet/security/advisory/961040.mspx
2008-12-22T03:34
2008-12-22T03:34
2008-12-22T03:34

Microsoft SQL Server sp_replwritetovarbin() Heap Overflow Exploit
http://www.securityfocus.com/bid/32710?jvntrev=1
sp_replwritetovarbin stored procedure vulnerability (CVE-2008-4270)
#Cid: 32710.html
#Tested: Windows 2000 SP4 + SQL Server 2000
#Tested: cpe:/o:microsoft:windows_2000::sp4 + cpe:/a:microsoft:sql_server:2000
Bugtraq
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4270
http://www.microsoft.com/technet/security/advisory/961040.mspx
2008-12-17
2008-12-17
2008-12-17

Microsoft SQL Server sp_replwritetovarbin limited memory overwrite vulnerability
http://www.securityfocus.com/bid/32710
sp_replwritetovarbin stored procedure vulnerability (CVE-2008-4270)
#Cid: 32710.sql
#Tested: SQL Server 2000
#Tested: SQL Server 2005
#Tested: cpe:/a:microsoft:sql_server:2000
#Tested: cpe:/a:microsoft:sql_server:2005
Bugtraq
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4270
http://www.microsoft.com/technet/security/advisory/961040.mspx
2008-12-09T13:16+01:00
2008-12-09T13:16+01:00
2008-12-09T13:16+01:00

Microsoft SQL Server sp_replwritetovarbin limited memory overwrite vulnerability
http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt
Vulnerability Reported
By calling the extended stored procedure sp_replwritetovarbin, and supplying several uninitialized variables as parameters, it is possible to trigger a memory write to a controlled location. Depending on the underlying Windows version, it is / may be possible to use this vulnerability to execute arbitrary code in the context of the vulnerable SQL server process.
SEC Consult
SA-20081209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4270
http://www.microsoft.com/technet/security/advisory/961040.mspx
2008-04-17
2008-04-17
2008-04-17