Microsoft SQL Server Sp_replwritetovarbin() BOF Vulnerability Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS09-004.

Impact

Successful exploitation could result in heap based buffer overflow via specially crafted arguments passed to the affected application. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx

Insight

The flaw is due to a boundary error in the implementation of the function sp_replwritetovarbin() SQL procedure.

Affected

Microsoft SQL Server 2000 and 2005 on Windows.

References

http://securitytracker.com/alerts/2008/Dec/1021363.html
http://www.microsoft.com/technet/security/advisory/961040.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx
http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt
http://www.securityfocus.com/archive/1/archive/1/499042/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5416

CVSS	Base Score: 9.0 AV:N/AC:L/Au:S/C:C/I:C/A:C

Related Vulnerabilities

Apple QuickTime Multiple Vulnerabilities - Jan09 (Win)
Dnsmasq Remote Denial of Service Vulnerability
Adobe Flash Media Server Multiple Denial of Service Vulnerabilities
ClamAV Denial of Service Vulnerability (Win)
freeSSHd SFTP 'rename' and 'realpath' Remote DoS Vulnerability

Microsoft SQL Server sp_replwritetovarbin() BOF Vulnerability

Take action and discover your vulnerabilities