MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)

high Nessus Plugin ID 35632

Language:

Synopsis

Arbitrary code can be executed on the remote host through Microsoft SQL Server.

Description

The remote host is running a version of Microsoft SQL Server, Desktop Engine or Internal Database that suffers from an authenticated, remote code execution vulnerability in the extended stored procedure 'sp_replwritetovarbin' due to an invalid parameter check.

Successful exploitation could allow an attacker to take complete control of the affected system.

Solution

Microsoft has released a set of patches for SQL Server 2000 and 2005.

See Also

https://www.nessus.org/u?1e024262

Plugin Details

Severity: High

ID: 35632

File Name: smb_nt_ms09-004.nasl

Version: 1.38

Type: local

Agent: windows

Published: 2/11/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2008-5416

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/10/2009

Vulnerability Publication Date: 12/9/2008

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection)

Reference Information

CVE: CVE-2008-5416

BID: 32710

MSFT: MS09-004

MSKB: 960082, 960083, 960089, 960090

IAVA: 2009-A-0012-S

CERT: 696644

EDB-ID: 7501, 16392, 16396

CWE: 119