MS08-040: Microsoft SQL Server Multiple Privilege Escalation (941203) (uncredentialed check)

This script is Copyright (C) 2008-2017 Tenable Network Security, Inc.


Synopsis :

The remote SQL server is affected by multiple vulnerabilities.

Description :

The remote host is running a version of Microsoft SQL Server, Desktop
Engine, or Internal Database that is affected by multiple
vulnerabilities :

- An information disclosure vulnerability exists due to
improper initialization of memory pages when
reallocating memory. An unauthenticated, remote attacker
can exploit this to obtain database contents, resulting
in the disclosure of sensitive information.
(CVE-2008-0085)

- A remote code execution vulnerability exists due to a
buffer overflow condition in the convert() function. An
authenticated, remote attacker can exploit this, via a
crafted SQL expression, to execute arbitrary code.
(CVE-2008-0086)

- A remote code execution vulnerability exists due to an
unspecified buffer overflow condition. An authenticated,
remote attacker can exploit this, via a crafted insert
statement, to execute arbitrary code. (CVE-2008-0086)

- A remote code execution vulnerability exists due to an
integer underflow condition. An authenticated, remote
attacker can exploit this, via an SMB or WebDAV pathname
for an on-disk file with a crafted record size value, to
cause a heap-based buffer overflow, resulting in the
execution of arbitrary code. (CVE-2008-0107)

See also :

https://technet.microsoft.com/library/security/ms08-040

Solution :

Microsoft has released a set of patches for SQL Server 7, 2000, and
2005.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 6.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 34311

Bugtraq ID: 30082, 30083, 30118, 30119

CVE ID: CVE-2008-0085, CVE-2008-0086, CVE-2008-0106, CVE-2008-0107
