December 12, 2008 at 9:15 am
It's actually an IE issue, but appears that it can spread through SQL Injection:
December 12, 2008 at 9:17 am
Actually I've been seeing reports of a new SQL Server vulnerability, this is a different one from the IE exploit.
Here's the post from secunia...
http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt
December 12, 2008 at 9:26 am
Luke L (12/12/2008)
Actually I've been seeing reports of a new SQL Server vulnerability, this is a different one from the IE exploit.Here's the post from secunia...
http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt
This was originally reported as just a SQL Server 2000 vulnerability, but has been confirmed to also be a SQL Server 2005 issue, too. At least, based on the security researcher's comments.
K. Brian Kelley
@kbriankelley
December 17, 2008 at 2:20 pm
So I've been looking into this a bit and the one piece of info I can't seem to find is, what the heck does sp_replwritetovarbin do? I've disabled it in a few of my instances and all seems to be well so I'm proceeding with caution. I'm just wondering if all of a sudden I start to have issues what should I expect to see? From the name it might seem to have something to do with replication and varbinary datatypes?
Any other ideas?
Thanks.
-Luke.
December 24, 2008 at 5:00 am
Here is some more information about it:
http://www.microsoft.com/technet/security/advisory/961040.mspx
and some further reading:
Regards
Carl
December 26, 2008 at 6:24 am
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply