CERT-In Vulnerability Note CIVN-2008-103
Microsoft SQL Server Elevation of Privilege Vulnerabilities
Original Issue Date:
July 10, 2008
Severity Rating:
Medium
Systems Affected:
Operating Systems
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows Server 2008
Software
- Microsoft Data Engine (MSDE) 1.0
- Microsoft SQL Server 2000
- Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
- Microsoft SQL Server 2005
- Microsoft SQL Server 2005 Express Edition
- Microsoft SQL Server 7
Overview
Four vulnerabilities have been reported in Microsoft SQL Server, which could be exploited by an attacker to gain escalated privileges on the affected system.
Description
Several vulnerabilities were reported in Microsoft SQL Server, which could be exploited by malicious users to disclose sensitive information or gain elevated privileges. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
1. Memory Page Reuse Information Disclosure Vulnerability (CVE-2008-0085)
The vulnerability is caused by insecure reuse of memory pages by Microsoft SQL Server. These memory pages are used to store the results of operations that may be performed across multiple databases. An authenticated attacker could exploit the vulnerability by reviewing a backup file for a database that the attacker controls, and could read the contents of memory pages that contained data from another user's session.
Workaround
- Enable Common Criteria Compliance on SQL 2005 Service Pack 2
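The workaround above, as an added T-SQL example that is not part of the CERT-In note. It assumes sysadmin rights on a SQL Server 2005 SP2 instance whose edition offers the 'common criteria compliance enabled' option; that option turns on Residual Information Protection, which overwrites memory before it is reallocated.

```sql
-- Added example, not from the advisory. Run as a sysadmin on the instance.

-- 1. Record version, service-pack level and edition, to compare against
--    the affected and fixed versions listed in MS08-040.
SELECT SERVERPROPERTY('ProductVersion') AS product_version,
       SERVERPROPERTY('ProductLevel')   AS product_level,
       SERVERPROPERTY('Edition')        AS edition;

-- 2. The setting is an advanced option, so expose advanced options first.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;

-- 3. Show the current state: config_value is what is configured,
--    run_value is what the running instance is actually using.
EXEC sp_configure 'common criteria compliance enabled';

-- 4. Enable the option.
EXEC sp_configure 'common criteria compliance enabled', 1;
RECONFIGURE WITH OVERRIDE;

-- 5. Restart the SQL Server service, then confirm the setting is in effect:
--    value and value_in_use should both be 1.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = 'common criteria compliance enabled';
```

Until the service is restarted, value_in_use stays 0 and memory pages are still reused without being overwritten. The option also changes login-statistics and column-level permission behaviour, so try it on a test instance first.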
2. Convert Function Buffer Overflow Vulnerability (CVE-2008-0086)
A vulnerability exists in the convert function in SQL Server. It is caused by insufficient boundary restrictions on user-supplied data when SQL expressions are converted from one data type to another with the convert function. An attacker could exploit the vulnerability via an overly long, specially crafted expression to cause a buffer overflow and execute arbitrary code with the privileges of the SQL Server service.
3. SQL Server Memory Corruption Vulnerability (CVE-2008-0107)
A memory corruption vulnerability exists in SQL Server due to insufficient validation while handling certain types of files. An authenticated, remote attacker could exploit this vulnerability by placing a malicious file on an affected system and using the affected service to process the file via an SQL statement. The resulting memory corruption could allow the attacker to execute arbitrary code with the privileges of the SQL Server service.
4. SQL Server Buffer Overflow Vulnerability (CVE-2008-0106)
A buffer overflow vulnerability exists in SQL Server due to insufficient input validation while handling certain types of requests. An attacker could exploit this vulnerability by sending a malicious request to the affected system, which could trigger a buffer overflow and allow the attacker to execute arbitrary code with the privileges of the SQL Server service.
Solution
Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS08-040.
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx
References
Microsoft
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
Secunia
http://secunia.com/advisories/30970/
Cisco IntelliShield Alert
http://www.cisco.com/web/about/security/intelligence/ERP_jul08.html
CVE Name
CVE-2008-0086
CVE-2008-0107
CVE-2008-0107
CVE-2008-0106
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
