Microsoft SQL Server and MSDE Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence

Microsoft SQL Server and MSDE Multiple Vulnerabilities
Secunia Advisory:	SA30970	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2008-07-08
Last Update:	2008-07-09
Popularity:	7,050 views

Critical:	Less critical
Impact:	Exposure of sensitive information Privilege escalation
Where:	From local network
Solution Status:	Vendor Patch

OS:	Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2008

Software:	Microsoft Data Engine (MSDE) 1.0 Microsoft SQL Server 2000 Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition Microsoft SQL Server 7

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2008-0085 CVE-2008-0086 CVE-2008-0106 CVE-2008-0107

Description: Four vulnerabilities have been reported in Microsoft SQL Server, which can be exploited by malicious users to gain escalated privileges. 1) An error in the way memory page reuse is managed can be exploited by users with database operator access to gain knowledge of potentially sensitive information (e.g. data from another user's session). 2) A boundary error in the convert function when converting SQL expressions from one data type to another can be exploited to cause a buffer overflow via an overly long, specially crafted expression. Successful exploitation may allow execution of arbitrary code with escalated privileges. 3) An error when processing database backup files can be exploited to cause a heap-based buffer overflow by loading a specially crafted database backup file via e.g. the RESTORE TSQL statement. Successful exploitation may allow execution of arbitrary code with escalated privileges. 4) A boundary error when handling insert statements can be exploited to cause a buffer overflow via a specially crafted insert statement. Successful exploitation may allow execution of arbitrary code with escalated privileges. Solution: Apply patches. -- SQL Server (GDR) -- SQL Server 7.0 SP4: http://www.microsoft.com/downloads/de...=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0 SQL Server 2000 SP4: http://www.microsoft.com/downloads/de...=4FD1F86A-94A2-43D8-9B0A-774C81426D9E SQL Server 2000 Itanium-based Edition SP4: http://www.microsoft.com/downloads/de...=4FD1F86A-94A2-43D8-9B0A-774C81426D9E SQL Server 2005 SP2: http://www.microsoft.com/downloads/de...=4C9851CC-2C4C-4190-872C-84993A7623B7 SQL Server 2005 x64 Edition SP2: http://www.microsoft.com/downloads/de...=4C9851CC-2C4C-4190-872C-84993A7623B7 SQL Server 2005 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/de...=4C9851CC-2C4C-4190-872C-84993A7623B7 Microsoft Data Engine (MSDE) 1.0 SP4: http://www.microsoft.com/downloads/de...=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0 Microsoft SQL Server 2005 Express Edition SP2: http://www.microsoft.com/downloads/de...=4C9851CC-2C4C-4190-872C-84993A7623B7 Microsoft SQL Server 2005 Express Edition with Advanced Services SP2: http://www.microsoft.com/downloads/de...=4C9851CC-2C4C-4190-872C-84993A7623B7 -- SQL Server (QFE) -- SQL Server 7.0 SP4: http://www.microsoft.com/downloads/de...=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0 SQL Server 2000 SP4: http://www.microsoft.com/downloads/de...=8316BC5E-8C2D-4710-8ACC-B815CCC81CD4 SQL Server 2000 Itanium-based Edition SP4: http://www.microsoft.com/downloads/de...=8316BC5E-8C2D-4710-8ACC-B815CCC81CD4 SQL Server 2005 SP2: http://www.microsoft.com/downloads/de...=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3 SQL Server 2005 x64 Edition SP2: http://www.microsoft.com/downloads/de...=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3 SQL Server 2005 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/de...=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3 Microsoft Data Engine (MSDE) 1.0 SP4: http://www.microsoft.com/downloads/de...=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0 Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP4: http://www.microsoft.com/downloads/de...=8316BC5E-8C2D-4710-8ACC-B815CCC81CD4 Microsoft SQL Server 2005 Express Edition SP2: http://www.microsoft.com/downloads/de...=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3 Microsoft SQL Server 2005 Express Edition with Advanced Services SP2: http://www.microsoft.com/downloads/de...=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3 -- Windows Components -- Windows 2000 SP4 with Microsoft SQL Server 2000 Desktop Engine: http://www.microsoft.com/downloads/de...=1c0ae18b-1f17-44b3-a337-b36e7de437a7 Windows Server 2003 SP1/SP2 with Microsoft SQL Server 2000 Desktop Engine: http://www.microsoft.com/downloads/de...=1c0ae18b-1f17-44b3-a337-b36e7de437a7 Windows Server 2003 SP1/SP2 with Windows Internal Database (WYukon) SP2: http://www.microsoft.com/downloads/de...=48f6aaa5-49fc-4a16-bc34-8514e214b8cf Windows Server 2003 x64 Edition (optionally with SP2) and SQL Server 2000 Desktop Engine (WMSDE): http://www.microsoft.com/downloads/de...=1c0ae18b-1f17-44b3-a337-b36e7de437a7 Windows Server 2003 x64 Edition (optionally with SP2) and Windows Internal Database (WYukon) x64 Edition SP2: http://www.microsoft.com/downloads/de...=48f6aaa5-49fc-4a16-bc34-8514e214b8cf Windows Server 2008 for 32-bit Systems and Windows Internal Database (WYukon) SP2: http://www.microsoft.com/downloads/de...=48f6aaa5-49fc-4a16-bc34-8514e214b8cf Windows Server 2008 for x64-based Systems and Windows Internal Database (WYukon) x64 Edition SP2: http://www.microsoft.com/downloads/de...=48f6aaa5-49fc-4a16-bc34-8514e214b8cf Provided and/or discovered by: 1) The vendor credits an anonymous person. 2) The vendor credits an anonymous person. 3) Brett Moore, Insomnia Security via iDefense. 4) The vendor credits an anonymous person. Changelog: 2008-07-09: Added link to iDefense Labs. Updated description for vulnerability #3 based on information from Insomnia Security. Added link to Insomnia Security. Original Advisory: MS08-040 (KB941203): http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=723 Insomnia Security: http://www.insomniasec.com/advisories/ISVA-080709.1.htm

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

Today

New advisories:	20
New vulnerabilities:	81
Updated advisories:	34

Less // 138 views

Novell Netware ApacheAdmin Console Security Bypass

Moderately // 118 views

Webboard Street SQL Injection and Information Disclosure

Moderately // 141 views

Null FTP Server "SITE" Parameters Command Injection Vulnerability

Moderately // 118 views

User Engine Lite ASP Database Disclosure

Moderately // 130 views

Merlix Template Creature "mcatid" SQL Injection Vulnerability

Highly // 153 views

CcTiddly Multiple File Inclusion Vulnerabilities

Not // 229 views

Tor Two Weaknesses

Moderately // 171 views

Tribiq CMS "cID" SQL Injection Vulnerability

Highly // 176 views

Gravity GTD File Inclusion and PHP Code Injection

Highly // 302 views

Trillian Multiple Vulnerabilities

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.