Microsoft SQL Server RCE (959420)

high Nessus Network Monitor Plugin ID 4927

Synopsis

Arbitrary code can be executed on the remote host through SQL Server.

Description

The remote host is running a version of Microsoft SQL Server, Desktop Engine or Internal Database that suffers from an authenticated remote code execution vulnerability in the MSSQL extended stored procedure 'sp_replwritetovarbin' due to an invalid parameter check. Successful exploitation could allow an attacker to take complete control of the affected system.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx

Plugin Details

Severity: High

ID: 4927

Family: Database

Published: 2/11/2009

Updated: 3/6/2019

Nessus ID: 35635

Risk Information

VPR

Risk Factor: Critical

Score: 10.0

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Microsoft SQL Server sp_replwritetovarbin Memory Corruption)

Reference Information

CVE: CVE-2008-5416

BID: 32710