Microsoft SQL Server RCE (959420)

High Nessus Network Monitor Plugin ID 4927

Synopsis

Arbitrary code can be executed on the remote host through SQL Server.

Description

The remote host is running a version of Microsoft SQL Server, Desktop Engine or Internal Database that suffers from an authenticated remote code execution vulnerability in the MSSQL extended stored procedure 'sp_replwritetovarbin' due to an invalid parameter check. Successful exploitation could allow an attacker to take complete control of the affected system.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx

Plugin Details

Severity: High

ID: 4927

File Name: 4927.prm

Family: Database

Published: 2009/02/11

Modified: 2017/02/02

Dependencies: 4926

Nessus ID: 35635

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 8.7

Temporal Score: 8

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Microsoft SQL Server sp_replwritetovarbin Memory Corruption)

Reference Information

CVE: CVE-2008-5416

BID: 32710

OSVDB: 50589

IAVA: 2009-A-0012, 2011-A-0066