MS09-004: Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) (uncredentialed check)

critical Nessus Plugin ID 35635

Synopsis

A database application installed on the remote host is affected by a remote code execution vulnerability.

Description

The remote Windows host is running a version of Microsoft SQL Server, Desktop Engine, or Internal Database that is affected by a remote code execution vulnerability in the sp_replwritetovarbin() stored procedure due to a failure to check invalid parameters. An authenticated, remote attacker can exploit this, via a specially crafted request, to cause the execution of arbitrary code.

Solution

Microsoft has released a set of patches for SQL Server 2000 and 2005.

See Also

https://www.nessus.org/u?1e024262

Plugin Details

Severity: Critical

ID: 35635

File Name: smb_kb959420.nasl

Version: 1.38

Type: remote

Agent: windows

Family: Windows

Published: 2/11/2009

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Critical

Score: 9.8

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2008-5416

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.7

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:sql_server

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/10/2009

Vulnerability Publication Date: 12/9/2008

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (MS09-004 Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection)

Reference Information

CVE: CVE-2008-5416

BID: 32710

IAVA: 2009-A-0012-S

MSFT: MS09-004

CERT: 696644

EDB-ID: 7501, 16392, 16396

MSKB: 959420

CWE: 119