
New Security Bulletin for SQL Server 2000/2005 (MS09-004)


Affected Versions:

  • SQL Server 2000 SP4
  • SQL Server 2005 SP2

Unaffected Versions:

  • SQL Server 2005 SP3
  • SQL Server 2008

Original Vulnerability Report: http://www.securityfocus.com/archive/1/archive/1/499042/100/0/threaded

Microsoft Security Bulletin Link: http://www.microsoft.com/technet/security/bulletin/ms09-004.mspx

Brief Analysis:

The extended stored procedure sp_replwritetovarbin has a buffer overflow vulnerability that can be exploited to achieve remote code execution in the context of the SQL Server service account. The stored procedure is only used for transactional replication.

There is currently a proof of concept showing that the buffer overflow is possible, but there is no publicly released exploit code, nor are there any active exploits in the wild. There is a workaround, which involves disabling the extended stored procedure, either by denying permissions to public or by dropping the extended stored procedure from the SQL Server.
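The deny-to-public form of the workaround, as an added T-SQL example that is not part of the original post: it assumes a sysadmin connection (sqlcmd, osql or Management Studio) and applies the deny only when the instance reports one of the affected version and service pack combinations listed above. The check goes by service pack level alone, so it cannot tell whether the bulletin's update has already been installed.

```sql
-- Added example, not from the original post. Run as a sysadmin.
USE master;
GO

DECLARE @ver nvarchar(128), @level nvarchar(128), @major int, @affected bit;

-- ProductVersion is a dotted string whose first part is the major version
-- (8 = SQL Server 2000, 9 = SQL Server 2005).
-- ProductLevel is the service pack label, e.g. 'SP4'.
SET @ver   = CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128));
SET @level = CAST(SERVERPROPERTY('ProductLevel')   AS nvarchar(128));
SET @major = CAST(LEFT(@ver, CHARINDEX('.', @ver) - 1) AS int);

-- Affected list as given in the post: 2000 SP4 and 2005 SP2.
SET @affected = CASE
        WHEN @major = 8 AND @level = 'SP4' THEN 1
        WHEN @major = 9 AND @level = 'SP2' THEN 1
        ELSE 0
    END;

SELECT @ver AS ProductVersion, @level AS ProductLevel,
       @affected AS ListedAsAffected;

IF @affected = 1
BEGIN
    -- The procedure is used by transactional replication, so confirm that
    -- replication on this instance does not depend on it before denying.
    DENY EXECUTE ON sp_replwritetovarbin TO public;
    PRINT 'EXECUTE on sp_replwritetovarbin denied to public.';
END
ELSE
    PRINT 'Version/service pack is not in the affected list; no change made.';
GO

-- List the permission entries now recorded for the procedure so the
-- Deny row for public can be confirmed.
EXEC sp_helprotect 'sp_replwritetovarbin';
GO
```

Members of sysadmin bypass permission checks, so the deny limits non-administrative logins only.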
