
New Security Bulletin for SQL Server 2000/2005 (MS09-004)

Affected Versions:

  • SQL Server 2000 SP4
  • SQL Server 2005 SP2

Unaffected Versions:

  • SQL Server 2005 SP3
  • SQL Server 2008

Original Vulnerability Report: http://www.securityfocus.com/archive/1/archive/1/499042/100/0/threaded

Microsoft Security Bulletin Link: http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx

Brief Analysis:

The extended stored procedure sp_replwritetovarbin has a buffer overflow vulnerability that can be exploited to achieve remote code execution in the context of the SQL Server service account. The stored procedure is only used for transactional replication.

There is currently a proof of concept showing that the buffer overflow is possible, but there is no publicly released exploit code, nor are there any active exploits in the wild. There is a workaround which involves disabling the extended stored procedure, either by denying permissions to public or by dropping the extended stored procedure from the SQL Server.
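The deny-to-public form of the workaround, as an added T-SQL example that is not part of the original post or the bulletin. It assumes a sysadmin session on the instance; the version gate mirrors only the affected list above, and the replication check reads the `category` flags in `master.dbo.sysdatabases`.

```sql
-- Added example: apply the DENY workaround on an affected instance.
-- Assumes a sysadmin session; uses only statements available in both
-- SQL Server 2000 and SQL Server 2005.
USE master;
GO

DECLARE @version varchar(32), @level varchar(32), @major int, @repl int;

SET @version = CAST(SERVERPROPERTY('ProductVersion') AS varchar(32));
SET @level   = CAST(SERVERPROPERTY('ProductLevel')   AS varchar(32));
SET @major   = CAST(LEFT(@version, CHARINDEX('.', @version) - 1) AS int);

PRINT 'Instance version: ' + @version + ' (' + @level + ')';

-- The procedure is used only by transactional replication, so count the
-- databases flagged as published (1) or subscribed (2) before changing
-- permissions. The same flags are set for snapshot replication.
SELECT @repl = COUNT(*)
FROM master.dbo.sysdatabases
WHERE (category & 3) <> 0;

IF @repl > 0
    PRINT 'Warning: ' + CAST(@repl AS varchar(10))
        + ' database(s) are published or subscribed; review replication before relying on this workaround.';

-- Versions this page lists as affected: 2000 SP4 (major 8), 2005 SP2 (major 9).
-- ProductLevel does not show whether the MS09-004 update is already installed.
IF (@major = 8 AND @level = 'SP4') OR (@major = 9 AND @level = 'SP2')
BEGIN
    DENY EXECUTE ON sp_replwritetovarbin TO public;
    PRINT 'EXECUTE on sp_replwritetovarbin denied to public.';

    -- List the permissions now recorded for the procedure.
    EXEC sp_helprotect @name = 'sp_replwritetovarbin';
END
ELSE
    PRINT 'Version is not in the affected list on this page; no change made.';
GO
```

Members of the sysadmin role are not subject to a DENY, so this limits exposure to lower-privileged logins only; installing the update from the bulletin remains the fix.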

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.