Microsoft SQL Server RCE (959420)

Nessus Network Monitor Plugin ID 4927 (Severity: High)

Synopsis

Arbitrary code can be executed on the remote host through SQL Server.

Description

The remote host is running a version of Microsoft SQL Server, Desktop Engine or Internal Database that suffers from an authenticated remote code execution vulnerability in the MSSQL extended stored procedure 'sp_replwritetovarbin' due to an invalid parameter check. Successful exploitation could allow an attacker to take complete control of the affected system.

Solution

Upgrade or patch according to vendor recommendations.

See Also

http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx

Plugin Details

Severity: High

ID: 4927

Family: Database

Published: 2009/02/11

Updated: 2019/03/06

Dependencies: 4926

Nessus ID: 35635

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 8.7

Temporal Score: 8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Microsoft SQL Server sp_replwritetovarbin Memory Corruption)

Reference Information

CVE: CVE-2008-5416

BID: 32710

IAVA: 2009-A-0012, 2011-A-0066