Lucene search
This script is Copyright (C) 2005-2023 and is owned by Tenable, Inc. or an Affiliate thereof.MSSQL_VERSION.NASLHistoryJan 26, 2003 - 12:00 a.m.
Microsoft SQL Server Detection (credentialed check)
2003-01-2600:00:00
This script is Copyright (C) 2005-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1273
Nessus has detected one or more installs of Microsoft SQL server by examining the registry and file systems on the remote host.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include("compat.inc");
if (description)
{
script_id(11217);
script_version("1.156");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/29");
script_xref(name:"IAVT", value:"0001-T-0800");
script_name(english:"Microsoft SQL Server Detection (credentialed check)");
script_summary(english:"Detects Microsoft SQL Server installs.");
script_set_attribute(attribute:"synopsis", value:"The remote host has a database server installed.");
script_set_attribute(attribute:"description", value:
"Nessus has detected one or more installs of Microsoft SQL server by
examining the registry and file systems on the remote host.");
#https://learn.microsoft.com/en-us/troubleshoot/sql/general/determine-version-edition-update-level
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e45407e9");
script_set_attribute(attribute:"solution", value:"Ensure the latest service pack and hotfixes are installed.");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"agent", value:"windows");
script_set_attribute(attribute:"plugin_publication_date", value:"2003/01/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sql_server");
script_set_attribute(attribute:"asset_inventory", value:"True");
script_set_attribute(attribute:"asset_inventory_category", value:"software_enumeration");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Databases");
script_dependencies("netbios_name_get.nasl",
"smb_login.nasl", "smb_registry_full_access.nasl",
"mssqlserver_detect.nasl", "smb_hotfixes.nasl");
script_require_keys("SMB/transport", "SMB/name", "SMB/login",
"SMB/password", "SMB/registry_full_access");
script_require_ports(139, 445);
exit(0);
}
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_reg_query.inc");
include("byte_func.inc");
include("install_func.inc");
include("debug.inc");
function get_verbose_version(version)
{
local_var v;
version = split(version, sep:".", keep:FALSE);
if (version[3])
v = version[0] + '.' + version[1] + '.' + version[2] + '.' + version[3];
if (!version[3])
v = version[0] + '.' + version[1] + '.' + version[2];
if (version[0] <= 7 && !isnull(version7[v]))
return version7[v];
else if(version[0] == 8 && !isnull(version8[v]))
return version8[v];
else if(version[0] == 9 && !isnull(version9[v]))
return version9[v];
else if (version[0] == 10)
{
if (version[1] == 50 && !isnull(version10_50[v]))
return version10_50[v];
else if (!isnull(version10[v]))
return version10[v];
}
else if(version[0] == 11)
{
if (version[2] >= 9120 && !isnull(version12[v]))
return version12[v];
else if (!isnull(version11[v]))
return version11[v];
}
else if(version[0] == 13)
{
if (version[2] >= 200 && !isnull(version16[v]))
return version16[v];
else if (!isnull(version12[v]))
return version12[v];
}
else if (version[0] == 12 && !isnull(version12[v]))
return version12[v];
return NULL;
}
function retrieve_file_version(path)
{
var fversion, ver, error;
fversion = hotfix_get_fversion(path:path);
error = hotfix_handle_error(error_code:fversion['error'], file:path);
if(error) spad_log(message:error);
if (!isnull(fversion.version))
return fversion.version;
return NULL;
}
function retrieve_files_info(&files_info, files)
{
var file, ver;
if (empty_or_null(files)) return NULL;
foreach file (files)
{
if (!hotfix_file_exists(path:file)) return NULL;
ver = retrieve_file_version(path:file);
spad_log(message:'File: ' + file + '\nVersion: ' + ver);
file = str_replace(string:file, find:"\\", replace:"\");
if (!empty_or_null(ver))
append_element(var:files_info, value:{'path': file, 'version': ver});
}
}
function append_to_files_info_list(&files_info, version, path, arch)
{
var osqlpath, sqlpath, files, bin, bins = [], program_files_dir;
if (version =~ "^10\.0\.")
{
# Haven't found any SQL 2008 in the lab, and according to the pattern observed on other versions of SQL,
# The digits in the path is likely to be '100' (100 probably represents 10.0, so 13.0 is 130, see examples in setup.exe)
osqlpath = '\\Microsoft SQL Server\\100\\Tools\\Binn';
}
if (version =~ "^11\.0\.")
{
sqlpath = '\\Microsoft SQL Server\\110\\Setup Bootstrap\\SQLServer2012';
osqlpath = '\\Microsoft SQL Server\\110\\Tools\\Binn';
}
else if (version =~ "^12\.0\.")
{
sqlpath = '\\Microsoft SQL Server\\120\\Setup Bootstrap\\SQLServer2014';
osqlpath = '\\Microsoft SQL Server\\120\\Tools\\Binn';
}
else if (version =~ "^13\.0\.")
{
sqlpath = '\\Microsoft SQL Server\\130\\Setup Bootstrap\\SQLServer2016';
osqlpath = '\\Microsoft SQL Server\\130\\Tools\\Binn';
}
else if (version =~ "^14\.0\.")
{
sqlpath = '\\Microsoft SQL Server\\140\\Setup Bootstrap\\SQL2017';
}
if (!empty_or_null(path))
files = [hotfix_append_path(path:path, value:'sqlservr.exe')];
if ( arch == 'x86' )
program_files_dir = hotfix_get_programfilesdirx86();
else if ( arch == 'x64' )
program_files_dir = hotfix_get_programfilesdir();
if (!empty_or_null(sqlpath))
append_element(
var:bins,
value:hotfix_append_path(path:sqlpath, value:'setup.exe')
);
if (!empty_or_null(osqlpath))
{
foreach var f (['xmlrw.dll', 'OSQL.exe'])
{
append_element(
var:bins,
value:hotfix_append_path(path:osqlpath, value:f)
);
}
}
if (!empty_or_null(program_files_dir))
foreach bin (bins)
append_element(var:files, value:hotfix_append_path(path:program_files_dir, value:bin));
spad_log(message:'Collecting info from the following files: ' + obj_rep(files));
retrieve_files_info(files_info:files_info, files:files);
}
# versions culled from ;
# http://www.sqlsecurity.com
# http://sqlserverbuilds.blogspot.com
# https://sqlserverupdates.com/
# SQL 2022
var last_version22 = "16.0.1000.6";
var version22;
version22["16.0.1000.6"] = "2022 RTM";
# SQL 2019
var last_version19 = "15.0.4261.1";
var version19;
version19["15.0.4261.1"] = "2019 CU18 (KB5017593)";
version19["15.0.4249.2"] = "2019 CU17 (KB5016394)";
version19["15.0.4236.7"] = "2019 CU16 GDR (KB5014353)";
version19["15.0.2095.3"] = "2019 GDR (KB5014356)";
version19["15.0.4223.1"] = "2019 CU16 (KB5011644)";
version19["15.0.4198.2"] = "2019 CU15 (KB5008996)";
version19["15.0.4188.2"] = "2019 CU14 (KB5007182)";
version19["15.0.4178.1"] = "2019 CU13 (KB5005679)";
version19["15.0.4153.1"] = "2019 CU12 (KB5004524)";
version19["15.0.4138.2"] = "2019 CU11 (KB5003249)";
version19["15.0.4123.1"] = "2019 CU10 (KB5001090)";
version19["15.0.4102.2"] = "2019 CU9 (KB5000642)";
version19["15.0.4083.2"] = "2019 CU8 GDR (KB4583459)";
version19["15.0.2080.9"] = "2019 GDR (KB4583458)";
version19["15.0.4073.23"] = "2019 CU8 (KB4577194)";
version19["15.4063.15"] = "2019 CU7)"; # this CU was removed from production
version19["15.0.4053.23"] = "2019 CU6 (KB4563110)";
version19["15.0.4043.16"] = "2019 CU5 (KB4552255)";
version19["15.0.4033.1"] = "2019 CU4 (KB4548597)";
version19["15.0.4023.6"] = "2019 CU3 (KB4538853)";
version19["15.0.4013.40"] = "2019 CU2 (KB4536075)";
version19["15.0.4003.23"] = "2019 CU1 (KB4527376)";
version19["15.0.2070.41"] = "2019 GDR (KB4517790)";
version19["15.0.2000.5"] = "2019 RTM";
# SQL 2017
var last_version17 = "14.0.3456.2";
var version17;
version17["14.0.3456.2"] = "2017 CU31 (KB5016884)";
version17["14.0.3451.2"] = "2017 CU30 (KB5013756)";
version17["14.0.3445.2"] = "2017 GDR (KB5014553)";
version17["14.0.3436.1"] = "2017 CU29 (KB5010786)";
version17["14.0.3430.2"] = "2017 CU28 (KB5008084)";
version17["14.0.3421.10"] = "2017 CU27 (KB5006944)";
version17["14.0.3411.3"] = "2017 CU26 (KB5005226)";
version17["14.0.3401.7"] = "2017 CU25 (KB5003830)";
version17["14.0.3391.2"] = "2017 CU24 (KB5001228)";
version17["14.0.3381.3"] = "2017 CU23 (KB5000685)";
version17["14.0.3370.1"] = "2017 CU22 GDR (KB4583457)";
version17["14.0.3356.20"] = "2017 CU22 (KB4577467)";
version17["14.0.3335.7"] = "2017 CU21 (KB4557397)";
version17["14.0.3294.2"] = "2017 CU20 (KB4541283)";
version17["14.0.3281.6"] = "2017 CU19 (KB4535007)";
version17["14.0.3257.3"] = "2017 CU18 (KB4527377)";
version17["14.0.2042.3"] = "2017 RTM GDR (KB5014354)";
version17["14.0.1000.169"] = "2017 RTM";
# SQL 2016
var last_version16 = "13.0.6419.1";
var version16;
version16["13.0.6419.1"] = "2016 GDR (KB5014355)";
version16["13.0.6404.1"] = "2016 Hotfix (KB5006943)";
version16["13.0.6300.2"] = "2016 SP3 (KB5003279)";
version16["13.0.5108.50"] = "2016 SP2 GDR (KB5014365)";
version16["13.0.5026.0"] = "2016 SP2 (KB4052908)";
version16["13.0.4001.0"] = "2016 SP1 (KB3182545)";
version16["13.0.2149"] = "2016 + CU1 (KB3164674)";
version16["13.0.1708"] = "2016 + Critical update for SQL Server 2016 MSVCRT prerequisites (KB3164398)";
version16["13.0.1601"] = "2016";
version16["13.0.1400"] = "2016 Release Candidate 3";
version16["13.0.1300"] = "2016 Release Candidate 2";
version16["13.0.1200"] = "2016 Release Candidate 1";
version16["13.0.1100"] = "2016 Release Candidate 0";
version16["13.0.1000"] = "CTP3.3";
version16["13.0.900"] = "CTP3.2";
version16["13.0.800"] = "CTP3.1";
version16["13.0.700"] = "CTP3.0";
version16["13.0.600"] = "CTP2.4";
version16["13.0.500"] = "CTP2.3";
version16["13.0.407"] = "CTP2.2";
version16["13.0.300"] = "CTP2.1";
version16["13.0.200"] = "CTP2";
# SQL 2014
var last_version12 = "12.0.6439.10";
var version12;
version12["12.0.6439.10"] = "2014 + SP3 CU4 Security Update June 2022 (KB5014164)";
version12["12.0.6169.19"] = "2014 + SP3 GDR Security Update June 2022 (KB5014165)";
version12["12.0.6433.1"] = "2014 + SP3 CU4 Security Update January 2021 (KB4583462)";
version12["12.0.6024.0"] = "2014 + SP3 CU4 Security Update Febraury 2020 (KB4535288)";
version12["12.0.6329.1"] = "2014 + SP3 CU4 (KB4500181)";
version12["12.0.6024.0"] = "2014 + SP3 (KB4022619)";
version12["12.0.5000"] = "2014 + SP2 (KB3171021)";
version12["12.0.4459"] = "2014 + SP1 CU7 (KB3162659)";
version12["12.0.4457"] = "2014 + SP1 CU6 (KB3167392)";
version12["12.0.4439"] = "2014 + SP1 CU5 (KB3130926)";
version12["12.0.4436"] = "2014 + SP1 CU4 (KB3106660)";
version12["12.0.4427"] = "2014 + SP1 CU3 (KB3094221)";
version12["12.0.4422"] = "2014 + SP1 CU2 (KB3075950)";
version12["12.0.4416"] = "2014 + SP1 CU1 (KB3067839)";
version12["12.0.4213"] = "2014 + MS15-058 GDR Security Update (KB3070446)";
version12["12.0.4100"] = "2014 + SP1 (KB3058865)";
version12["12.0.2569"] = "2014 + Cumulative Update 14 (KB3158271)";
version12["12.0.2568"] = "2014 + Cumulative Update 13 (KB3144517)";
version12["12.0.2564"] = "2014 + Cumulative Update 12 (KB3130923)";
version12["12.0.2560"] = "2014 + Cumulative Update 11 (KB3106659)";
version12["12.0.2556"] = "2014 + Cumulative Update 10 (KB3094220)";
version12["12.0.2553"] = "2014 + Cumulative Update 9 (KB3075949)";
version12["12.0.2548"] = "2014 + MS15-058 Fix (QFE) (KB3045324)";
version12["12.0.2546"] = "2014 + Cumulative Update 8 (KB3067836)";
version12["12.0.2495"] = "2014 + Cumulative Update 7 (KB3046038)";
version12["12.0.2480"] = "2014 + Cumulative Update 6 (KB3031047)";
version12["12.0.2456"] = "2014 + Cumulative Update 5 (KB3011055)";
version12["12.0.2430"] = "2014 + Cumulative Update 4 (KB2999197)";
version12["12.0.2423"] = "2014 + RTDATA_LIST Wait Type Fix (KB3007050)";
version12["12.0.2405"] = "2014 + Table Joins Performance Fix (KB2999809)";
version12["12.0.2402"] = "2014 + Cumulative Update 3 (KB2984923)";
version12["12.0.2381"] = "2014 + MS14-044 Fix (QFE) (KB2977316)";
version12["12.0.2370"] = "2014 + Cumulative Update 2 (KB2967546)";
version12["12.0.2342"] = "2014 + Cumulative Update 1 (KB2931693)";
version12["12.0.2269"] = "2014 + MS15-058 Fix (GDR) (KB3045323)";
version12["12.0.2254"] = "2014 + MS14-044 Fix (GDR) (KB2977315)";
version12["12.0.2000"] = "2014";
version12["12.0.1524"] = "2014 CTP2";
version12["11.0.9120"] = "2014 CTP1";
# SQL 2012
var last_version11 = "11.0.7507.2";
var version11;
version11["11.0.9000"] = "2012 with Power View For Multidimensional Models CTP3";
version11["11.0.7507.2"] = "2012 SP4 + Cumulative Update January 2021 (KB4583465)";
version11["11.0.7493.4"] = "2012 SP4 + Cumulative Update Febraury 2020 (KB4532098)";
version11["11.0.7462.6"] = "2012 SP4 + Cumulative Update January 2018 (KB4057116)";
version11["11.0.7001"] = "2012 SP4 (KB4018073)";
version11["11.0.6607.3"] = "2012 SP3 + Cumulative Update 10 (KB4025925)";
version11["11.0.6598"] = "2012 SP3 + Cumulative Update 9 (KB4016762)";
version11["11.0.6594"] = "2012 SP3 + Cumulative Update 8 (KB4013104)";
version11["11.0.6579"] = "2012 SP3 + Cumulative Update 7 (KB3205051)";
version11["11.0.6567"] = "2012 SP3 + Cumulative Update 6 (KB3194992)";
version11["11.0.6544"] = "2012 SP3 + Cumulative Update 5 (KB3180915)";
version11["11.0.6540"] = "2012 SP3 + Cumulative Update 4 (KB3165264)";
version11["11.0.6537"] = "2012 SP3 + Cumulative Update 3 (KB3152635)";
version11["11.0.6523"] = "2012 SP3 + Cumulative Update 2 (KB3137746)";
version11["11.0.6518"] = "2012 SP3 + Cumulative Update 1 (KB3123299)";
version11["11.0.6020"] = "2012 SP3 RTW/PCU 3 (KB3072779)";
version11["11.0.5655"] = "2012 SP2 + Cumulative Update 13 (KB3165266)";
version11["11.0.5649"] = "2012 SP2 + Cumulative Update 12 (KB3152637)";
version11["11.0.5646"] = "2012 SP2 + Cumulative Update 11 (KB3137745)";
version11["11.0.5644"] = "2012 SP2 + Cumulative Update 10 (KB3120313)";
version11["11.0.5641"] = "2012 SP2 + Cumulative Update 9 (KB3098512)";
version11["11.0.5634"] = "2012 SP2 + Cumulative Update 8 (KB3082561)";
version11["11.0.5623"] = "2012 SP2 + Cumulative Update 7 (KB3072100)";
version11["11.0.5613"] = "2012 SP2 + MS15-058 Fix (QFE) (KB3045319)";
version11["11.0.5592"] = "2012 SP2 + Cumulative Update 6 (KB3052468)";
version11["11.0.5582"] = "2012 SP2 + Cumulative Update 5 (KB3037255)";
version11["11.0.5569"] = "2012 SP2 + Cumulative Update 4 (KB3007556)";
version11["11.0.5556"] = "2012 SP2 + Cumulative Update 3 (KB3002049)";
version11["11.0.5548"] = "2012 SP2 + Cumulative Update 2 (KB2983175)";
version11["11.0.5532"] = "2012 SP2 + Cumulative Update 1 (KB2976982)";
version11["11.0.5343"] = "2012 SP2 + MS15-058 Fix (GDR) (KB3045321)";
version11["11.0.5058"] = "2012 SP2";
version11["11.0.3513"] = "2012 SP1 + MS15-058 Fix (QFE) (KB3045317)";
version11["11.0.3482"] = "2012 SP1 + Cumulative Update 13 (KB3002044)";
version11["11.0.3470"] = "2012 SP1 + Cumulative Update 12 (KB2991533)";
version11["11.0.3460"] = "2012 SP1 + MS14-044 Fix (QFE) (KB2977325)";
version11["11.0.3449"] = "2012 SP1 + Cumulative Update 11 (KB2975396)";
version11["11.0.3437"] = "2012 SP1 + Cumulative Update 10 + Clustered Index Data Loss Fix (KB2969896)";
version11["11.0.3431"] = "2012 SP1 + Cumulative Update 10 (KB2954099)";
version11["11.0.3412"] = "2012 SP1 + Cumulative Update 9 (KB2931078)";
version11["11.0.3401"] = "2012 SP1 + Cumulative Update 8 (KB2917531)";
version11["11.0.3393"] = "2012 SP1 + Cumulative Update 7 (KB2894115)";
version11["11.0.3381"] = "2012 SP1 + Cumulative Update 6 (KB2874879)";
version11["11.0.3373"] = "2012 SP1 + Cumulative Update 5 (KB2861107)";
version11["11.0.3368"] = "2012 SP1 + Cumulative Update 4 (KB2833645)";
version11["11.0.3350"] = "2012 SP1 + Cumulative Update 3 + SSIS Fix (KB2832017)";
version11["11.0.3349"] = "2012 SP1 + Cumulative Update 3 (KB2812412)";
version11["11.0.3339"] = "2012 SP1 + Cumulative Update 2 (KB2790947)";
version11["11.0.3335"] = "2012 SP1 + Component Installation Process Fix (KB2800050)";
version11["11.0.3321"] = "2012 SP1 + Cumulative Update 1 (KB2765331)";
version11["11.0.3156"] = "2012 SP1 + MS15-058 Fix (GDR) (KB3045318)";
version11["11.0.3153"] = "2012 SP1 + MS14-044 Fix (GDR) (KB2977326)";
version11["11.0.3128"] = "2012 SP1 + Installer Repeated Start Fix (KB2793634)";
version11["11.0.3000"] = "2012 SP1";
version11["11.0.2845"] = "2012 SP1 CTP";
version11["11.0.2424"] = "2012 + Cumulative Update 11 (KB2908007)";
version11["11.0.2420"] = "2012 + Cumulative Update 10 (KB2891666)";
version11["11.0.2419"] = "2012 + Cumulative Update 9 (KB2867319)";
version11["11.0.2410"] = "2012 + Cumulative Update 8 (KB2844205)";
version11["11.0.2405"] = "2012 + Cumulative Update 7 (KB2823247)";
version11["11.0.2401"] = "2012 + Cumulative Update 6 (KB2728897)";
version11["11.0.2395"] = "2012 + Cumulative Update 5 (KB2777772)";
version11["11.0.2383"] = "2012 + Cumulative Update 4 (KB2758687)";
version11["11.0.2376"] = "2012 + MS12-070 Fix (QFE) (KB2716441)";
version11["11.0.2332"] = "2012 + Cumulative Update 3 (KB2723749)";
version11["11.0.2325"] = "2012 + Cumulative Update 2 (KB2703275)";
version11["11.0.2318"] = "2012 + MS12-070 Fix (KB2716442)";
version11["11.0.2316"] = "2012 + Cumulative Update 1 (KB2679368)";
version11["11.0.2214"] = "2012 + SSAS Fix (KB2685308)";
version11["11.0.2100"] = "2012";
version11["11.0.1913"] = "2012 Release Candidate 1";
version11["11.0.1750"] = "2012 Release Candidate 0";
version11["11.0.1440"] = "2012 CTP3";
version11["11.0.1103"] = "2012 CTP1";
# SQL 2008 R2
var last_version10_50 = "10.50.6560";
var version10_50;
version10_50["10.50.6560"] = "2008 R2 SP3 Meltdown/Spectre GDR (KB4057113)";
version10_50["10.50.6529"] = "2008 R2 SP3 + MS15-058 Fix (QFE) (KB3045314)";
version10_50["10.50.6220"] = "2008 R2 SP3 + MS15-058 Fix (GDR) (KB3045316)";
version10_50["10.50.6000"] = "2008 R2 SP3";
version10_50["10.50.4339"] = "2008 R2 SP2 + MS15-058 Fix (QFE) (KB3045312)";
version10_50["10.50.4331"] = "2008 R2 SP2 + MS14-044 Fix (QFE) + 9004 Error Fix (KB2987585)";
version10_50["10.50.4321"] = "2008 R2 SP2 + MS14-044 Fix (QFE) (KB2977319)";
version10_50["10.50.4319"] = "2008 R2 SP2 + Cumulative Update 13 (KB2967540)";
version10_50["10.50.4305"] = "2008 R2 SP2 + Cumulative Update 12 (KB2938478)";
version10_50["10.50.4302"] = "2008 R2 SP2 + Cumulative Update 11 (KB2926028)";
version10_50["10.50.4297"] = "2008 R2 SP2 + Cumulative Update 10 (KB2908087)";
version10_50["10.50.4295"] = "2008 R2 SP2 + Cumulative Update 9 (KB2887606)";
version10_50["10.50.4290"] = "2008 R2 SP2 + Cumulative Update 8 (KB2871401)";
version10_50["10.50.4286"] = "2008 R2 SP2 + Cumulative Update 7 (KB2844090)";
version10_50["10.50.4285"] = "2008 R2 SP2 + Cumulative Update 6 (updated) (KB2830140)";
version10_50["10.50.4279"] = "2008 R2 SP2 + Cumulative Update 6 (replaced) (KB2830140)";
version10_50["10.50.4276"] = "2008 R2 SP2 + Cumulative Update 5 (KB2797460)";
version10_50["10.50.4270"] = "2008 R2 SP2 + Cumulative Update 4 (KB2777358)";
version10_50["10.50.4266"] = "2008 R2 SP2 + Cumulative Update 3 (KB2754552)";
version10_50["10.50.4263"] = "2008 R2 SP2 + Cumulative Update 2 (KB2740411)";
version10_50["10.50.4260"] = "2008 R2 SP2 + Cumulative Update 1 (KB2720425)";
version10_50["10.50.4042"] = "2008 R2 SP2 + MS15-058 Fix (GDR) (KB3045313)";
version10_50["10.50.4033"] = "2008 R2 SP2 + MS14-044 Fix (GDR) (KB2977320)";
version10_50["10.50.4000"] = "2008 R2 SP2";
version10_50["10.50.3720"] = "2008 R2 SP2 CTP";
version10_50["10.50.2881"] = "2008 R2 SP1 + Cumulative Update 13 + On-Demand Hotfix (KB2868244)";
version10_50["10.50.2876"] = "2008 R2 SP1 + Cumulative Update 13 (KB2855792)";
version10_50["10.50.2875"] = "2008 R2 SP1 + Cumulative Update 12 (updated) (KB2828727)";
version10_50["10.50.2874"] = "2008 R2 SP1 + Cumulative Update 12 (replaced) (KB2828727)";
version10_50["10.50.2869"] = "2008 R2 SP1 + Cumulative Update 11 (KB2812683)";
version10_50["10.50.2868"] = "2008 R2 SP1 + Cumulative Update 10 (KB2783135)";
version10_50["10.50.2866"] = "2008 R2 SP1 + Cumulative Update 9 (KB2756574)";
version10_50["10.50.2861"] = "2008 R2 SP1 + MS12-070 Fix (QFE) (KB2716439)";
version10_50["10.50.2822"] = "2008 R2 SP1 + Cumulative Update 8 (KB2723743)";
version10_50["10.50.2817"] = "2008 R2 SP1 + Cumulative Update 7 (KB2703282)";
version10_50["10.50.2811"] = "2008 R2 SP1 + Cumulative Update 6 (KB2679367)";
version10_50["10.50.2807"] = "2008 R2 SP1 + Cumulative Update 5 + DML Statement Fix (KB2675522)";
version10_50["10.50.2806"] = "2008 R2 SP1 + Cumulative Update 5 (KB2659694)";
version10_50["10.50.2799"] = "2008 R2 SP1 + Cumulative Update 4 + Non-yielding Scheduler Error Fix (KB2633357)";
version10_50["10.50.2796"] = "2008 R2 SP1 + Cumulative Update 4 (KB2633146)";
version10_50["10.50.2789"] = "2008 R2 SP1 + Cumulative Update 3 (KB2591748)";
version10_50["10.50.2776"] = "2008 R2 SP1 + Cumulative Update 2 + Slow Performance Fix (KB2606883)";
version10_50["10.50.2772"] = "2008 R2 SP1 + Cumulative Update 2 (KB2567714)";
version10_50["10.50.2769"] = "2008 R2 SP1 + Cumulative Update 1 (KB2544793)";
version10_50["10.50.2550"] = "2008 R2 SP1 + MS12-070 Fix (KB2716440)";
version10_50["10.50.2500"] = "2008 R2 SP1";
version10_50["10.50.1817"] = "2008 R2 + Cumulative Update 14 (KB2703280)";
version10_50["10.50.1815"] = "2008 R2 + Cumulative Update 13 (KB2679366)";
version10_50["10.50.1810"] = "2008 R2 + Cumulative Update 12 (KB2659692)";
version10_50["10.50.1809"] = "2008 R2 + Cumulative Update 11 (KB2633145)";
version10_50["10.50.1807"] = "2008 R2 + Cumulative Update 10 (KB2591746)";
version10_50["10.50.1804"] = "2008 R2 + Cumulative Update 9 (KB2567713)";
version10_50["10.50.1800"] = "2008 R2 + Cumulative Update 8 + Sparse Database Data Files Fix (KB2574699)";
version10_50["10.50.1797"] = "2008 R2 + Cumulative Update 8 (KB2534352)";
version10_50["10.50.1790"] = "2008 R2 + Cumulative Update 8 + MS11-049 Fix (KB2494086)";
version10_50["10.50.1777"] = "2008 R2 + Cumulative Update 7 (KB2507770)";
version10_50["10.50.1769"] = "2008 R2 + Cumulative Update 6 + Non-yielding Scheduler Error Fix (KB2520808)";
version10_50["10.50.1765"] = "2008 R2 + Cumulative Update 6 (KB2489376)";
version10_50["10.50.1753"] = "2008 R2 + Cumulative Update 5 (KB2438347)";
version10_50["10.50.1746"] = "2008 R2 + Cumulative Update 4 (KB2345451)";
version10_50["10.50.1734"] = "2008 R2 + Cumulative Update 3 (KB2261464)";
version10_50["10.50.1720"] = "2008 R2 + Cumulative Update 2 (KB2072493)";
version10_50["10.50.1702"] = "2008 R2 + Cumulative Update 1 (Q981355)";
version10_50["10.50.1617"] = "2008 R2 + MS11-049 Fix (KB2494088)";
version10_50["10.50.1600"] = "2008 R2";
# SQL 2008
var last_version10 = "10.0.6556";
var version10;
version10["10.0.6556"] = "2008 SP4 Meltdown/Spectre GDR (KB4057114)";
version10["10.0.6535"] = "2008 SP4 + MS15-058 Fix (QFE) (KB3045308)";
version10["10.0.6241"] = "2008 SP4 + MS15-058 Fix (GDR) (KB3045311)";
version10["10.0.6000"] = "2008 SP4";
version10["10.0.5890"] = "2008 SP3 + MS15-058 Fix (QFE) (KB3045303)";
version10["10.0.5869"] = "2008 SP3 + MS14-044 Fix (QFE) (KB2977322)";
version10["10.0.5867"] = "2008 SP3 + dbcc shrinkfile Statement Error 8985 Fix (KB2877204)";
version10["10.0.5861"] = "2008 SP3 + Cumulative Update 17 (KB2958696)";
version10["10.0.5852"] = "2008 SP3 + Cumulative Update 16 (KB2936421)";
version10["10.0.5850"] = "2008 SP3 + Cumulative Update 15 (KB2923520)";
version10["10.0.5848"] = "2008 SP3 + Cumulative Update 14 (KB2893410)";
version10["10.0.5846"] = "2008 SP3 + Cumulative Update 13 (KB2880350)";
version10["10.0.5844"] = "2008 SP3 + Cumulative Update 12 (KB2863205)";
version10["10.0.5841"] = "2008 SP3 + Cumulative Update 11 (updated) (KB2834048)";
version10["10.0.5840"] = "2008 SP3 + Cumulative Update 11 (replaced) (KB2834048)";
version10["10.0.5835"] = "2008 SP3 + Cumulative Update 10 (KB2814783)";
version10["10.0.5829"] = "2008 SP3 + Cumulative Update 9 (KB2799883)";
version10["10.0.5828"] = "2008 SP3 + Cumulative Update 8 (KB2771833)";
version10["10.0.5826"] = "2008 SP3 + MS12-070 Fix (QFE) (KB2716435)";
version10["10.0.5794"] = "2008 SP3 + Cumulative Update 7 (KB2738350)";
version10["10.0.5788"] = "2008 SP3 + Cumulative Update 6 (KB2715953)";
version10["10.0.5785"] = "2008 SP3 + Cumulative Update 5 (KB2696626)";
version10["10.0.5775"] = "2008 SP3 + Cumulative Update 4 (KB2673383)";
version10["10.0.5770"] = "2008 SP3 + Cumulative Update 3 (KB2648098)";
version10["10.0.5768"] = "2008 SP3 + Cumulative Update 2 (KB2633143)";
version10["10.0.5766"] = "2008 SP3 + Cumulative Update 1 (KB2617146)";
version10["10.0.5538"] = "2008 SP3 + MS15-058 Fix (GDR) (KB3045305)";
version10["10.0.5520"] = "2008 SP3 + MS14-044 Fix (GDR) (KB2977321)";
version10["10.0.5512"] = "2008 SP3 + MS12-070 Fix (KB2716436)";
version10["10.0.5500"] = "2008 SP3";
version10["10.0.5416"] = "2008 SP3 CTP";
version10["10.0.2531"] = "2008 SP2 + MS12-070 Fix (QFE) (KB2716433)";
version10["10.0.4333"] = "2008 SP2 + Cumulative Update 11 (KB2715951)";
version10["10.0.4332"] = "2008 SP2 + Cumulative Update 10 (KB2696625)";
version10["10.0.4330"] = "2008 SP2 + Cumulative Update 9 (KB2673382)";
version10["10.0.4326"] = "2008 SP2 + Cumulative Update 8 (KB2648096)";
version10["10.0.4323"] = "2008 SP2 + Cumulative Update 7 (KB2617148)";
version10["10.0.4321"] = "2008 SP2 + Cumulative Update 6 (KB2582285)";
version10["10.0.4316"] = "2008 SP2 + Cumulative Update 5 (KB2555408)";
version10["10.0.4285"] = "2008 SP2 + Cumulative Update 4 (KB2527180)";
version10["10.0.4279"] = "2008 SP2 + Cumulative Update 3 (KB2498535)";
version10["10.0.4272"] = "2008 SP2 + Cumulative Update 2 (KB2467239)";
version10["10.0.4266"] = "2008 SP2 + Cumulative Update 1 (KB2289254)";
version10["10.0.4067"] = "2008 SP2 + MS12-070 Fix (KB2716434)";
version10["10.0.4064"] = "2008 SP2 + MS11-049 Fix (KB2494089)";
version10["10.0.4000"] = "2008 SP2";
version10["10.0.3798"] = "2008 SP2 CTP";
version10["10.0.2850"] = "2008 SP1 + Cumulative Update 16 (KB2582282)";
version10["10.0.2847"] = "2008 SP1 + Cumulative Update 15 (KB2555406)";
version10["10.0.2821"] = "2008 SP1 + Cumulative Update 14 (KB2527187)";
version10["10.0.2816"] = "2008 SP1 + Cumulative Update 13 (KB2497673)";
version10["10.0.2808"] = "2008 SP1 + Cumulative Update 12 (KB2467236)";
version10["10.0.2804"] = "2008 SP1 + Cumulative Update 11 (KB2413738)";
version10["10.0.2799"] = "2008 SP1 + Cumulative Update 10 (KB2279604)";
version10["10.0.2789"] = "2008 SP1 + Cumulative Update 9 (KB2083921)";
version10["10.0.2787"] = "2008 SP1 + Fixed Cumulative Update 7 or 8 (KB2231277)";
version10["10.0.2775"] = "2008 SP1 + Cumulative Update 8 (Q981702)";
version10["10.0.2766"] = "2008 SP1 + Cumulative Update 7 (Q979065)";
version10["10.0.2757"] = "2008 SP1 + Cumulative Update 6 (Q977443)";
version10["10.0.2746"] = "2008 SP1 + Cumulative Update 5 (Q975977)";
version10["10.0.2740"] = "2008 SP1 + Fixed Cumulative Update 3 or 4 (Q976761)";
version10["10.0.2734"] = "2008 SP1 + Cumulative Update 4 (Q973602)";
version10["10.0.2723"] = "2008 SP1 + Cumulative Update 3 (Q971491)";
version10["10.0.2714"] = "2008 SP1 + Cumulative Update 2 (Q970315)";
version10["10.0.2712"] = "2008 SP1 + Q970507";
version10["10.0.2710"] = "2008 SP1 + Cumulative Update 1 (Q969099)";
version10["10.0.2573"] = "2008 SP1 + MS11-049 Fix (KB2494096)";
version10["10.0.2531"] = "2008 SP1";
version10["10.0.2520"] = "2008 SP1 CTP";
version10["10.0.1835"] = "2008 + Cumulative Update 10 (Q979064)";
version10["10.0.1828"] = "2008 + Cumulative Update 9 (Q977444)";
version10["10.0.1823"] = "2008 + Cumulative Update 8 (Q975976)";
version10["10.0.1818"] = "2008 + Cumulative Update 7 (Q973601)";
version10["10.0.1812"] = "2008 + Cumulative Update 6 (Q971490)";
version10["10.0.1806"] = "2008 + Cumulative Update 5 (Q969531)";
version10["10.0.1798"] = "2008 + Cumulative Update 4 (Q963036)";
version10["10.0.1787"] = "2008 + Cumulative Update 3 (Q960484)";
version10["10.0.1779"] = "2008 + Cumulative Update 2 (Q958186)";
version10["10.0.1771"] = "2008 + Q958611";
version10["10.0.1763"] = "2008 + Cumulative Update 1 (Q956717)";
version10["10.0.1750"] = "2008 + Q956718";
version10["10.0.1600"] = "2008";
# SQL 2005
var last_version9 = "9.00.5324";
var version9;
version9["9.00.5324"] = "2005 SP4 + MS12-070 Fix (QFE) (KB 2716427)";
version9["9.00.5296"] = "2005 SP4 + Cumulative Update 3 + Msg 7359 Fix (KB 2615425)";
version9["9.00.5295"] = "2005 SP4 + Cumulative Update 3 + Agent Job Stop Fix (KB 2598903)";
version9["9.00.5294"] = "2005 SP4 + Cumulative Update 3 + Error 5180 Fix (KB 2572407)";
version9["9.00.5292"] = "2005 SP4 + Cumulative Update 3 + MS11-049 Fix (KB 2494123)";
version9["9.00.5266"] = "2005 SP4 + Cumulative Update 3 (KB 2507769)";
version9["9.00.5259"] = "2005 SP4 + Cumulative Update 2 (KB 2489409)";
version9["9.00.5254"] = "2005 SP4 + Cumulative Update 1 (KB 2464079)";
version9["9.00.5069"] = "2005 SP4 + MS12-070 Fix (KB 2716429)";
version9["9.00.5057"] = "2005 SP4 + MS11-049 Fix (KB 2494120)";
version9["9.00.5000"] = "2005 SP4 (KB 2463332)";
version9["9.00.4912"] = "2005 SP4 CTP";
version9["9.00.4340"] = "2005 SP3 + Cumulative Update 15 + MS11-049 Fix (KB 2494112)";
version9["9.00.4325"] = "2005 SP3 + Cumulative Update 15 (KB 2507766)";
version9["9.00.4317"] = "2005 SP3 + Cumulative Update 14 (KB 2489375)";
version9["9.00.4315"] = "2005 SP3 + Cumulative Update 13 (KB 2438344)";
version9["9.00.4311"] = "2005 SP3 + Cumulative Update 12 (KB 2345449)";
version9["9.00.4309"] = "2005 SP3 + Cumulative Update 11 (KB 2258854)";
version9["9.00.4305"] = "2005 SP3 + Cumulative Update 10 (Q983329)";
version9["9.00.4294"] = "2005 SP3 + Cumulative Update 9 (Q980176)";
version9["9.00.4285"] = "2005 SP3 + Cumulative Update 8 (Q978915)";
version9["9.00.4273"] = "2005 SP3 + Cumulative Update 7 (Q976951)";
version9["9.00.4268"] = "2005 SP3 + Q977151";
version9["9.00.4266"] = "2005 SP3 + Cumulative Update 6 (Q974648)";
version9["9.00.4262"] = "2005 SP3 + Cumulative Update 6 (QFE) (Q970894)";
version9["9.00.4230"] = "2005 SP3 + Cumulative Update 5 (Q972511)";
version9["9.00.4226"] = "2005 SP3 + Cumulative Update 4 (Q970279)";
version9["9.00.4224"] = "2005 SP3 + Q971409";
version9["9.00.4220"] = "2005 SP3 + Cumulative Update 3 (Q967909)";
version9["9.00.4216"] = "2005 SP3 + Q967101";
version9["9.00.4211"] = "2005 SP3 + Cumulative Update 2 (Q961930)";
version9["9.00.4207"] = "2005 SP3 + Cumulative Update 1 (Q959195)";
version9["9.00.4060"] = "2005 SP3 + MS11-049 Fix (KB 2494113)";
version9["9.00.4053"] = "2005 SP3 + MS09-062 Fix (Q970892)";
version9["9.00.4035"] = "2005 SP3 (Q955706)";
version9["9.00.3356"] = "2005 SP2 + Cumulative Update 17 (Q976952)";
version9["9.00.3355"] = "2005 SP2 + Cumulative Update 16 (Q974647)";
version9["9.00.3353"] = "2005 SP2 + Cumulative Update 15 + MS09-062 Fix (Q970896)";
version9["9.00.3330"] = "2005 SP2 + Cumulative Update 15 (Q972510)";
version9["9.00.3328"] = "2005 SP2 + Cumulative Update 14 (Q970278)";
version9["9.00.3327"] = "2005 SP2 + Cumulative Update 17 + LOB Fix (Q948567 / 961648)";
version9["9.00.3325"] = "2005 SP2 + Cumulative Update 13 (Q967908)";
version9["9.00.3320"] = "2005 SP2 + Q969142";
version9["9.00.3318"] = "2005 SP2 + Q967199";
version9["9.00.3315"] = "2005 SP2 + Cumulative Update 12 (Q962970)";
version9["9.00.3310"] = "2005 SP2 + Q960090";
version9["9.00.3303"] = "2005 SP2 + Q962209";
version9["9.00.3302"] = "2005 SP2 + Q961479 / 961648";
version9["9.00.3301"] = "2005 SP2 + Cumulative Update 11 (Q958735)";
version9["9.00.3295"] = "2005 SP2 + Q959132";
version9["9.00.3294"] = "2005 SP2 + Cumulative Update 10 (Q956854)";
version9["9.00.3291"] = "2005 SP2 + Q956889";
version9["9.00.3289"] = "2005 SP2 + Q937137";
version9["9.00.3282"] = "2005 SP2 + Cumulative Update 9 (Q953752 / 953607)";
version9["9.00.3261"] = "2005 SP2 + Q955754";
version9["9.00.3260"] = "2005 SP2 + Q954950";
version9["9.00.3259"] = "2005 SP2 + Q954669 / 954831";
version9["9.00.3257"] = "2005 SP2 + Cumulative Update 8 (Q951217)";
version9["9.00.3253"] = "2005 SP2 + Q954054";
version9["9.00.3244"] = "2005 SP2 + Q952330";
version9["9.00.3242"] = "2005 SP2 + Q951190";
version9["9.00.3240"] = "2005 SP2 + Q951204";
version9["9.00.3239"] = "2005 SP2 + Cumulative Update 7 (Q949095)";
version9["9.00.3235"] = "2005 SP2 + Q950189";
version9["9.00.3233"] = "2005 SP2 + Q941203 / 948108 (QFE)";
version9["9.00.3232"] = "2005 SP2 + Q949959";
version9["9.00.3231"] = "2005 SP2 + Q949687 / 949595";
version9["9.00.3230"] = "2005 SP2 + Q949199";
version9["9.00.3228"] = "2005 SP2 + Cumulative Update 6 (Q946608)";
version9["9.00.3224"] = "2005 SP2 + Q947463";
version9["9.00.3222"] = "2005 SP2 + Q945640 / 945641 / 947196 / 947197";
version9["9.00.3221"] = "2005 SP2 + Q942908 / 945442 / 945443 / 945916 / 944358 ";
version9["9.00.3215"] = "2005 SP2 + Cumulative Update 5 (Q941450)";
version9["9.00.3209"] = "2005 SP2 + KB N/A";
version9["9.00.3208"] = "2005 SP2 + Q944902";
version9["9.00.3206"] = "2005 SP2 + Q944677";
version9["9.00.3205"] = "2005 SP2 + KB N/A";
version9["9.00.3203"] = "2005 SP2 + KB N/A";
version9["9.00.3200"] = "2005 SP2 + Cumulative Update 4 (Q941450)";
version9["9.00.3195"] = "2005 SP2 + KB N/A";
version9["9.00.3194"] = "2005 SP2 + Q940933";
version9["9.00.3186"] = "2005 SP2 + Cumulative Update 3 (Q939562)";
version9["9.00.3182"] = "2005 SP2 + Q940128";
version9["9.00.3180"] = "2005 SP2 + Q939942";
version9["9.00.3179"] = "2005 SP2 + Q938243";
version9["9.00.3178"] = "2005 SP2 + KB N/A";
version9["9.00.3177"] = "2005 SP2 + Q939563 / 939285";
version9["9.00.3175"] = "2005 SP2 + Cumulative Update 2 (Q936305 / 938825)";
version9["9.00.3171"] = "2005 SP2 + Q937745";
version9["9.00.3169"] = "2005 SP2 + Q937041 / 937033";
version9["9.00.3166"] = "2005 SP2 + Q936185 / 934734";
version9["9.00.3162"] = "2005 SP2 + Q932610 / 935360 / 935922";
version9["9.00.3161"] = "2005 SP2 + Q935356 / 933724 (Cumulative HF1)";
version9["9.00.3159"] = "2005 SP2 + Q934459";
version9["9.00.3156"] = "2005 SP2 + Q934226";
version9["9.00.3155"] = "2005 SP2 + Q933549 / 933766 / 933808 / 933724 / 932115 / 933499";
version9["9.00.3154"] = "2005 SP2 + Q934106 / 934109 / 934188";
version9["9.00.3153"] = "2005 SP2 + Q933564";
version9["9.00.3152"] = "2005 SP2 + Cumulative Update 1 (Q933097)";
version9["9.00.3080"] = "2005 SP2 + MS09-062 Fix (Q970895)";
version9["9.00.3077"] = "2005 SP2 + MS09-004 Fix (Q960089)";
version9["9.00.3073"] = "2005 SP2 + MS08-052 Fix (Q954606)";
version9["9.00.3068"] = "2005 SP2 + Q941203 / 948109";
version9["9.00.3054"] = "2005 SP2 + Q934458";
version9["9.00.3050"] = "2005 SP2 + Q933508";
version9["9.00.3043"] = "2005 SP2 + Q933508";
version9["9.00.3042"] = "2005 SP2 'Fixed'";
version9["9.00.3033"] = "2005 SP2 CTP (December)";
version9["9.00.3027"] = "2005 SP2 CTP (November)";
version9["9.00.3026"] = "2005 SP1 + Q929376";
version9["9.00.2249"] = "2005 SP1 + Q948344";
version9["9.00.2245"] = "2005 SP1 + Q933573";
version9["9.00.2243"] = "2005 SP1 + Q944968";
version9["9.00.2242"] = "2005 SP1 + Q943389 / 943388";
version9["9.00.2239"] = "2005 SP1 + Q940961";
version9["9.00.2237"] = "2005 SP1 + Q940719";
version9["9.00.2236"] = "2005 SP1 + Q940287 / 940286";
version9["9.00.2234"] = "2005 SP1 + Q937343";
version9["9.00.2233"] = "2005 SP1 + Q933499 / 937545";
version9["9.00.2232"] = "2005 SP1 + Q937277";
version9["9.00.2231"] = "2005 SP1 + Q934812";
version9["9.00.2230"] = "2005 SP1 + Q936179";
version9["9.00.2229"] = "2005 SP1 + Q935446";
version9["9.00.2227"] = "2005 SP1 + Q934066 / 933265";
version9["9.00.2226"] = "2005 SP1 + Q933762 / 934065 / 934065";
version9["9.00.2224"] = "2005 SP1 + Q932990 / 933519";
version9["9.00.2223"] = "2005 SP1 + Q932393";
version9["9.00.2221"] = "2005 SP1 + Q931593";
version9["9.00.2219"] = "2005 SP1 + Q931329 / 932115";
version9["9.00.2218"] = "2005 SP1 + Q931843 / 931843";
version9["9.00.2216"] = "2005 SP1 + Q931821";
version9["9.00.2215"] = "2005 SP1 + Q931666";
version9["9.00.2214"] = "2005 SP1 + Q929240 / 930505 / 930775";
version9["9.00.2211"] = "2005 SP1 + Q930283 / 930284";
version9["9.00.2209"] = "2005 SP1 + Q929278";
version9["9.00.2208"] = "2005 SP1 + Q929179 / 929404";
version9["9.00.2207"] = "2005 SP1 + Q928394 / 928372 / 928789";
version9["9.00.2206"] = "2005 SP1 + Q928539 / 928083 / 928537";
version9["9.00.2202"] = "2005 SP1 + Q927643";
version9["9.00.2201"] = "2005 SP1 + Q927289";
version9["9.00.2198"] = "2005 SP1 + Q926773 / 926611 / 924808 / 925277 / 926612 / 924807 / 924686";
version9["9.00.2196"] = "2005 SP1 + Q926285 / 926335 / 926024";
version9["9.00.2195"] = "2005 SP1 + Q926240";
version9["9.00.2194"] = "2005 SP1 + Q925744";
version9["9.00.2192"] = "2005 SP1 + Q924954 / 925335";
version9["9.00.2191"] = "2005 SP1 + Q925135";
version9["9.00.2190"] = "2005 SP1 + Q925227";
version9["9.00.2189"] = "2005 SP1 + Q925153";
version9["9.00.2187"] = "2005 SP1 + Q923849";
version9["9.00.2183"] = "2005 SP1 + Q929404 / 924291";
version9["9.00.2181"] = "2005 SP1 + Q923624 / 923605";
version9["9.00.2176"] = "2005 SP1 + Q923296 / 922594";
version9["9.00.2175"] = "2005 SP1 + Q922578 / 922438 / 921536 / 922579 / 920794";
version9["9.00.2174"] = "2005 SP1 + Q922063";
version9["9.00.2167"] = "2005 SP1 + Q920974 / 921295";
version9["9.00.2164"] = "2005 SP1 + Q919636 / 918832 / 919775";
version9["9.00.2156"] = "2005 SP1 + Q919611";
version9["9.00.2153"] = "2005 SP1 + builds 1531-40";
version9["9.00.2050"] = "2005 SP1 + .NET Vulnerability fix";
version9["9.00.2047"] = "2005 SP1";
version9["9.00.2040"] = "2005 SP1 CTP";
version9["9.00.2029"] = "2005 SP1 Beta";
version9["9.00.1561"] = "2005 + Q932556";
version9["9.00.1558"] = "2005 + Q926493";
version9["9.00.1554"] = "2005 + Q926292";
version9["9.00.1551"] = "2005 + Q922804";
version9["9.00.1550"] = "2005 + Q917887 / 921106";
version9["9.00.1547"] = "2005 + Q918276";
version9["9.00.1545"] = "2005 + Q917905 / 919193";
version9["9.00.1541"] = "2005 + Q917888 / 917971";
version9["9.00.1539"] = "2005 + Q917738";
version9["9.00.1538"] = "2005 + Q917824";
version9["9.00.1536"] = "2005 + Q917016";
version9["9.00.1534"] = "2005 + Q916706";
version9["9.00.1533"] = "2005 + Q916086";
version9["9.00.1532"] = "2005 + Q916046";
version9["9.00.1531"] = "2005 + Q915918";
version9["9.00.1528"] = "2005 + Q915112 / 915306 / 915307/ 915308";
version9["9.00.1519"] = "2005 + Q913494";
version9["9.00.1518"] = "2005 + Q912472 / 913371 / 913941";
version9["9.00.1514"] = "2005 + Q912471";
version9["9.00.1503"] = "2005 + Q911662";
version9["9.00.1502"] = "2005 + Q915793";
version9["9.00.1500"] = "2005 + Q910416";
version9["9.00.1406"] = "2005 + Q932557";
version9["9.00.1399"] = "2005";
# SQL 2000
var last_version8 = "8.00.2305";
var version8;
version8["8.00.2305"] = "2000 SP4 + MS12-060 Fix (Q983811)";
version8["8.00.2301"] = "2000 SP4 + MS12-027 Fix (Q983809)";
version8["8.00.2283"] = "2000 SP4 + Q971524";
version8["8.00.2282"] = "2000 SP4 + MS09-004 Fix (Q960083)";
version8["8.00.2279"] = "2000 SP4 + Q959678";
version8["8.00.2273"] = "2000 SP4 + Q941203 / 948111";
version8["8.00.2271"] = "2000 SP4 + Q946584";
version8["8.00.2265"] = "2000 SP4 + Q944985";
version8["8.00.2253"] = "2000 SP4 + Q939317";
version8["8.00.2249"] = "2000 SP4 + Q936232";
version8["8.00.2248"] = "2000 SP4 + Q935950";
version8["8.00.2246"] = "2000 SP4 + Q935465";
version8["8.00.2245"] = "2000 SP4 + Q933573";
version8["8.00.2244"] = "2000 SP4 + Q934203";
version8["8.00.2242"] = "2000 SP4 + Q929131 / 932686 / 932674";
version8["8.00.2238"] = "2000 SP4 + Q931932";
version8["8.00.2234"] = "2000 SP4 + Q929440 / 929131";
version8["8.00.2232"] = "2000 SP4 + Q928568";
version8["8.00.2231"] = "2000 SP4 + Q928079";
version8["8.00.2229"] = "2000 SP4 + Q927186";
version8["8.00.2226"] = "2000 SP4 + Q925684 / 925732";
version8["8.00.2223"] = "2000 SP4 + Q925678 / 925419";
version8["8.00.2218"] = "2000 SP4 + Q925297";
version8["8.00.2217"] = "2000 SP4 + Q924664";
version8["8.00.2215"] = "2000 SP4 + Q924662 / 923563 / 923327 / 923796";
version8["8.00.2209"] = "2000 SP4 + Q923797";
version8["8.00.2207"] = "2000 SP4 + Q923344";
version8["8.00.2201"] = "2000 SP4 + Q920930";
version8["8.00.2199"] = "2000 SP4 + Q919221";
version8["8.00.2197"] = "2000 SP4 + Q919133 / 919068 / 919399";
version8["8.00.2196"] = "2000 SP4 + Q919165";
version8["8.00.2194"] = "2000 SP4 + Q917972 / 917565";
version8["8.00.2192"] = "2000 SP4 + Q917606";
version8["8.00.2191"] = "2000 SP4 + Q916698 / 916950";
version8["8.00.2189"] = "2000 SP4 + Q916652 / 913438";
version8["8.00.2187"] = "2000 SP4 + Q916287";
version8["8.00.2162"] = "2000 SP4 + Q904660";
version8["8.00.2159"] = "2000 SP4 + Q907250";
version8["8.00.2151"] = "2000 SP4 + Q903742";
version8["8.00.2148"] = "2000 SP4 + Q899430";
version8["8.00.2145"] = "2000 SP4 + Q826906 / 836651";
version8["8.00.2066"] = "2000 SP4 + MS12-060 Fix (Q983812 / 983813)";
version8["8.00.2065"] = "2000 SP4 + MS12-027 Fix (Q983808)";
version8["8.00.2055"] = "2000 SP4 + MS09-004 Fix (Q959420)";
version8["8.00.2040"] = "2000 SP4 + Q899761";
version8["8.00.2039"] = "2000 SP4";
version8["8.00.2026"] = "2000 SP4 Beta";
version8["8.00.1077"] = "2000 SP2 + MS12-070 Fix (KB 983814)";
version8["8.00.818"] = "2000 SP3 + Q815495";
version8["8.00.760"] = "2000 SP3";
version8["8.00.679"] = "2000 SP2 + Q316333";
version8["8.00.667"] = "2000 SP2 + 8/14 fix";
version8["8.00.665"] = "2000 SP2 + 8/8 fix";
version8["8.00.655"] = "2000 SP2 + 7/24 fix";
version8["8.00.650"] = "2000 SP2 + Q322853";
version8["8.00.608"] = "2000 SP2 + Q319507";
version8["8.00.604"] = "2000 SP2 + 3/29 fix";
version8["8.00.578"] = "2000 SP2 + Q317979";
version8["8.00.561"] = "2000 SP2 + 1/29 fix";
version8["8.00.534"] = "2000 SP2.01";
version8["8.00.532"] = "2000 SP2";
version8["8.00.475"] = "2000 SP1 + 1/29 fix";
version8["8.00.452"] = "2000 SP1 + Q308547";
version8["8.00.444"] = "2000 SP1 + Q307540 / 307655";
version8["8.00.443"] = "2000 SP1 + Q307538";
version8["8.00.428"] = "2000 SP1 + Q304850";
version8["8.00.384"] = "2000 SP1";
version8["8.00.287"] = "2000 + Q297209";
version8["8.00.250"] = "2000 + Q291683";
version8["8.00.249"] = "2000 + Q288122";
version8["8.00.239"] = "2000 + Q285290";
version8["8.00.233"] = "2000 + Q282416";
version8["8.00.231"] = "2000 + Q282279";
version8["8.00.226"] = "2000 + Q278239";
version8["8.00.225"] = "2000 + Q281663";
version8["8.00.223"] = "2000 + Q280380";
version8["8.00.222"] = "2000 + Q281769";
version8["8.00.218"] = "2000 + Q279183";
version8["8.00.217"] = "2000 + Q279293 / 279296";
version8["8.00.211"] = "2000 + Q276329";
version8["8.00.210"] = "2000 + Q275900";
version8["8.00.205"] = "2000 + Q274330";
version8["8.00.204"] = "2000 + Q274329";
version8["8.00.194"] = "2000";
version8["8.00.190"] = "2000 Gold";
version8["8.00.100"] = "2000 Beta 2";
version8["8.00.078"] = "2000 EAP5";
version8["8.00.047"] = "2000 EAP4";
var last_version7 = "7.00.1152";
var version7;
version7["7.00.1152"] = "7.0 SP4 + Q941203 / 948113";
version7["7.00.1150"] = "7.0 SP4 + Q891116";
version7["7.00.1149"] = "7.0 SP4 + Q867763";
version7["7.00.1144"] = "7.0 SP4 + Q830233";
version7["7.00.1143"] = "7.0 SP4 + Q829015";
version7["7.00.1097"] = "7.0 SP4 + Q822756";
version7["7.00.1094"] = "7.0 SP4 + Q815495";
version7["7.00.1094"] = "7.0 SP4 + Q821279";
version7["7.00.1093"] = "7.0 SP4 + Q820788";
version7["7.00.1087"] = "7.0 SP4 + Q814693";
version7["7.00.1079"] = "7.0 SP4 + Q NA";
version7["7.00.1078"] = "7.0 SP4 + Q327068";
version7["7.00.1077"] = "7.0 SP4 + Q327068";
version7["7.00.1076"] = "7.0 SP4 + Q327068";
version7["7.00.1063"] = "7.0 SP4";
version7["7.00.1030"] = "7.0 SP3 + Q318268";
version7["7.00.1004"] = "7.0 SP3 + Q304851";
version7["7.00.996"] = "7.0 SP3 + hotfix";
version7["7.00.978"] = "7.0 SP3 + Q285870";
version7["7.00.977"] = "7.0 SP3 + Q284351";
version7["7.00.970"] = "7.0 SP3 + Q283837 / 282243";
version7["7.00.961"] = "7.0 SP3";
version7["7.00.921"] = "7.0 SP2 + Q283837";
version7["7.00.919"] = "7.0 SP2 + Q282243";
version7["7.00.918"] = "7.0 SP2 + Q280380";
version7["7.00.917"] = "7.0 SP2 + Q279180";
version7["7.00.910"] = "7.0 SP2 + Q275901";
version7["7.00.905"] = "7.0 SP2 + Q274266";
version7["7.00.889"] = "7.0 SP2 + Q243741";
version7["7.00.879"] = "7.0 SP2 + Q281185";
version7["7.00.857"] = "7.0 SP2 + Q260346";
version7["7.00.842"] = "7.0 SP2";
version7["7.00.835"] = "7.0 SP2 Beta";
version7["7.00.776"] = "7.0 SP1 + Q258087";
version7["7.00.770"] = "7.0 SP1 + Q252905";
version7["7.00.745"] = "7.0 SP1 + Q253738";
version7["7.00.722"] = "7.0 SP1 + Q239458";
version7["7.00.699"] = "7.0 SP1";
version7["7.00.689"] = "7.0 SP1 Beta";
version7["7.00.677"] = "7.0 MSDE O2K Dev";
version7["7.00.662"] = "7.0 Gold + Q232707";
version7["7.00.658"] = "7.0 Gold + Q244763";
version7["7.00.657"] = "7.0 Gold + Q229875";
version7["7.00.643"] = "7.0 Gold + Q220156";
version7["7.00.623"] = "7.0 Gold, no SP";
version7["7.00.583"] = "7.0 RC1";
version7["7.00.517"] = "7.0 Beta 3";
version7["7.00.416"] = "7.0 SP5a";
version7["7.00.415"] = "7.0 SP5 ** BAD **";
version7["7.00.339"] = "7.0 SP4 + y2k";
version7["7.00.297"] = "7.0 SP4 + SBS";
version7["7.00.281"] = "7.0 SP4";
version7["7.00.259"] = "7.0 SP3 + SBS";
version7["7.00.258"] = "7.0 SP3";
version7["7.00.252"] = "7.0 SP3 ** BAD **";
version7["7.00.240"] = "7.0 SP2";
version7["7.00.213"] = "7.0 SP1";
version7["7.00.201"] = "7.0 No SP";
version7["7.00.198"] = "7.0 Beta 1";
version7["7.00.151"] = "7.0 SP3";
version7["7.00.139"] = "7.0 SP2";
version7["7.00.124"] = "7.0 SP1";
version7["7.00.121"] = "7.0 No SP";
version7["6.50.480"] = "6.5 Post SP5a + Q238621";
version7["6.50.479"] = "6.5 Post SP5a";
version7["6.50.464"] = "6.5 SP5a + Q275483";
version7["6.50.416"] = "6.5 SP5a";
version7["6.50.415"] = "6.5 Bad SP5";
version7["6.50.339"] = "6.5 Y2K Hotfix";
version7["6.50.297"] = "6.5 Site Server 3";
version7["6.50.281"] = "6.5 SP4";
version7["6.50.259"] = "6.5 SBS only";
version7["6.50.258"] = "6.5 SP3";
version7["6.50.252"] = "6.5 Bad SP3";
version7["6.50.240"] = "6.5 SP2";
version7["6.50.213"] = "6.5 SP1";
version7["6.50.201"] = "6.5 Gold";
version7["6.00.151"] = "6.0 SP3";
version7["6.00.139"] = "6.0 SP2";
version7["6.00.124"] = "6.0 SP1";
version7["6.00.121"] = "6.0 No SP";
###
# Main
###
var port = kb_smb_transport();
var smbarch = get_kb_item_or_exit("SMB/ARCH", exit_code:1);
var app = "Microsoft SQL Server";
var cpe = "cpe:/a:microsoft:sql_server";
var mssql_str_pattern = "^MSSQL[\d]{2}\.";
var key = "SOFTWARE\Microsoft\Microsoft SQL Server\";
var key_part, path, key_cmdexec, edition, editiontype, version, res, item;
var installs = {}, items = [], subkey, values, val, hklm, subkeys, extra = {};
var file_version, file_product_version, arch, named_instance, localdb, files_info = [];
var file_version_parts, version_parts, verbose_version, lv, report = '';
registry_init();
hklm = registry_hive_connect(hive:HKEY_LOCAL_MACHINE, exit_on_fail:TRUE);
subkeys = get_registry_subkeys(handle:hklm, key:key);
foreach subkey (subkeys)
{
values = get_registry_subkeys(handle:hklm, key:key + subkey);
foreach val (values)
{
if (val == 'Setup')
{
append_element(var:items, value:subkey);
break;
}
}
}
foreach item (items)
{
key_part = "SOFTWARE\Microsoft\Microsoft SQL Server\" + item + "\Setup\";
dbg::log(src:SCRIPT_NAME,
msg:'MSSQL instance retrieved:'+ item +'\n');
path = get_registry_value(handle:hklm, item:key_part + "SQLBinRoot");
if (path) spad_log(message:'SQLBinRoot: ' + obj_rep(path));
# if SQLBinRoot is missing, we try via CmdExec
if (empty_or_null(path))
{
key_cmdexec = "SOFTWARE\Microsoft\Microsoft SQL Server\" + item + "\SQLServerAgent\SubSystems\CmdExec";
path = get_registry_value(handle:hklm, item:key_cmdexec);
if (!empty_or_null(path))
{
path = ereg_replace(pattern:"^(.*\\)[A-Za-z]+\.(DLL|dll).*", replace:"\1", string:path);
spad_log(message:'path: ' + obj_rep(path));
}
}
edition = get_registry_value(handle:hklm, item:key_part + "Edition");
editiontype = get_registry_value(handle:hklm, item:key_part + "EditionType");
key_part = "SOFTWARE\Microsoft\Microsoft SQL Server\" + item + "\MSSQLServer\CurrentVersion\";
version = get_registry_value(handle:hklm, item:key_part + "CSDVersion");
if(isnull(version))
version = get_registry_value(handle:hklm, item:key_part + "CurrentVersion");
# make sure we are able to verify install,
# get a version, and not a duplicate path
if(isnull(version) || isnull(path))
continue;
installs[path] = {};
if (item =~ mssql_str_pattern)
item = preg_replace(string:item, pattern:mssql_str_pattern, replace:'');
installs[path]['named_instance'] = item;
if ('.LOCALDB' >< item)
installs[path]['localdb'] = TRUE;
else
installs[path]['localdb'] = FALSE;
installs[path]['version'] = version;
if(!isnull(edition)) installs[path]['edition'] = edition;
if(!isnull(editiontype)) installs[path]['edition_type'] = editiontype;
if ('x86' >< smbarch)
{
installs[path]['arch'] = 'x86';
}
else
{
res = get_registry_value(handle:hklm, item:"SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server\Instance Names\SQL\"+item);
if (res) installs[path]['arch'] = 'x86';
else installs[path]['arch'] = 'x64';
}
}
key = "SOFTWARE\Microsoft\MSSQLServer\SQLServerAgent\SubSystems\CmdExec";
path = get_registry_value(handle:hklm, item:key);
var key1;
if(!isnull(path))
{
path = ereg_replace(pattern:"^(.*\\)[A-Za-z]+\.(DLL|dll).*", replace:"\1", string:path);
if(!isnull(path) && isnull(installs[path]))
{
key = "SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion\CSDVersion";
key1 = "SOFTWARE\Microsoft\MSSQLServer\MSSQLServer\CurrentVersion\CurrentVersion";
version = get_registry_value(handle:hklm, item:key);
if(isnull(version))
version = get_registry_value(handle:hklm, item:key1);
if(!isnull(version))
{
installs[path] = {};
installs[path]['version'] = version;
}
}
}
spad_log(message:'MSSQL instance(s) found: ' + obj_rep(installs));
RegCloseKey(handle:hklm);
close_registry(close:FALSE);
var login = kb_smb_login();
var pass = kb_smb_password();
var domain = kb_smb_domain();
# verify installs and get sqlservr.exe file / file product version
var i, exe, exe_1, share, rc, fh, ret, tmp, children, varfileinfo, translation, stringfileinfo, data;
foreach path (keys(installs))
{
i = strlen(path);
if(path[i-1] == '\\')
exe = path + 'sqlservr.exe';
else
exe = path + '\\sqlservr.exe';
installs[path]['file_version'] = NULL;
installs[path]['file_product_version'] = NULL;
exe_1 = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1", string:exe);
share = hotfix_path2share(path:exe);
rc = NetUseAdd(login:login, password:pass, domain:domain, share:share);
if (rc != 1)
{
NetUseDel(close:FALSE);
continue;
}
fh = CreateFile(
file:exe_1,
desired_access:GENERIC_READ,
file_attributes:FILE_ATTRIBUTE_NORMAL,
share_mode:FILE_SHARE_READ,
create_disposition:OPEN_EXISTING
);
if (!isnull(fh))
{
ret = GetFileVersionEx(handle:fh);
if (!isnull(ret) && !isnull(ret['dwFileVersionMS']) && !isnull(ret['dwFileVersionLS']))
{
tmp = [];
tmp[0] = ret['dwFileVersionMS'] >>> 16;
tmp[1] = ret['dwFileVersionMS'] & 0xFFFF;
tmp[2] = ret['dwFileVersionLS'] >>> 16;
tmp[3] = ret['dwFileVersionLS'] & 0xFFFF;
installs[path]['file_version'] = join(tmp, sep:'.');
if (!isnull(ret) && !isnull(ret['Children']))
{
children = ret['Children'];
varfileinfo = children['VarFileInfo'];
translation = NULL;
if(!isnull(varfileinfo) && !isnull(varfileinfo['Translation']))
{
translation =
(get_word (blob:varfileinfo['Translation'], pos:0) << 16) +
get_word (blob:varfileinfo['Translation'], pos:2);
translation = toupper(hexstr(mkdword(translation)));
}
stringfileinfo = children['StringFileInfo'];
if (!isnull(stringfileinfo) && !isnull(translation))
{
data = stringfileinfo[translation];
if (!isnull(data) && !isnull(data['ProductVersion']))
installs[path]['file_product_version'] = data['ProductVersion'];
}
}
}
CloseFile(handle:fh);
}
NetUseDel(close:FALSE);
}
if (len(installs) > 1)
report = strcat('\nNessus detected ', len(installs), ' installs of ', app, ':\n\n');
# Register and report
foreach path (keys(installs))
{
file_version = installs[path]['file_version'];
if(isnull(file_version))
continue;
file_product_version = installs[path]['file_product_version'];
version = installs[path]['version'];
edition = installs[path]['edition'];
editiontype = installs[path]['edition_type'];
arch = installs[path]['arch'];
named_instance = installs[path]['named_instance'];
# extra for register_install, so downstream vuln plugins can determine if the instance is localdb or not
localdb = installs[path]['localdb'];
extra['localdb'] = localdb;
if(!isnull(file_product_version))
{
file_version_parts = split(file_product_version, sep:'.', keep:FALSE);
version_parts = split(version, sep:'.', keep:FALSE);
# trust file product version over registry version
if(max_index(file_version_parts) > 2 &&
max_index(version_parts) > 2 &&
(
(int(file_version_parts[0]) != int(version_parts[0])) ||
(int(file_version_parts[1]) != int(version_parts[1])) ||
(int(file_version_parts[2]) != int(version_parts[2]))
)
)
{
version = file_version_parts[0] + '.';
# exception for version string construction
# for versions less than or equal to 9, we want to use
# v.00 rather than v.0
if(int(file_version_parts[0]) <= 9 && int(file_version_parts[1]) == 0)
version += '00.';
else version += file_version_parts[1] + '.';
version += file_version_parts[2];
if(!isnull(file_version_parts[3]))
version += '.' + file_version_parts[3];
}
}
verbose_version = get_verbose_version(version:version);
if(!isnull(arch))
set_kb_item(name:"mssql/installs/" + path + "/arch", value:arch);
if(!isnull(edition))
set_kb_item(name:"mssql/installs/" + path + "/edition", value:edition);
if(!isnull(editiontype))
set_kb_item(name:"mssql/installs/" + path + "/edition_type", value:editiontype);
set_kb_item(name:"mssql/installs/" + path + "/SQLVersion", value:version);
if(!isnull(verbose_version))
set_kb_item(name:"mssql/installs/" + path + "/SQLVerboseVersion", value:verbose_version);
set_kb_item(name:"mssql/installs/" + path + "/FileVersion", value:file_version);
set_kb_item(name:"mssql/installs/" + path + "/FileProductVersion", value:file_product_version);
if(!isnull(named_instance))
set_kb_item(name:"mssql/installs/" + path + "/NamedInstance", value:named_instance);
if (extra['localdb'] && extra['localdb'] == 1)
set_kb_item(name:"mssql/installs/" + path + "/localdb", value:TRUE);
else
set_kb_item(name:"mssql/installs/" + path + "/localdb", value:FALSE);
# collect files for vuln plugins and stores them in kb
append_to_files_info_list(files_info:files_info, version:version, path:path, arch:arch);
var product_version;
if (version =~ "^6\.0\.") product_version = 'SQL6.0';
else if (version =~ "^6\.5\d*\.") product_version = 'SQL6.5';
else if (version =~ "^7\.0\.") product_version = 'SQL7.0';
else if (version =~ "^8\.0\.") product_version = '2000';
else if (version =~ "^9\.0\.") product_version = '2005';
else if (version =~ "^10\.0\.") product_version = '2008';
else if (version =~ "^10\.5\d*\.") product_version = '2008-R2';
else if (version =~ "^11\.0\.") product_version = '2012';
else if (version =~ "^12\.0\.") product_version = '2014';
else if (version =~ "^13\.0\.") product_version = '2016';
else if (version =~ "^14\.0\.") product_version = '2017';
else if (version =~ "^15\.0\.") product_version = '2019';
else if (version =~ "^16\.0\.") product_version = '2022';
extra['arch'] = arch;
extra['instance_name'] = get_kb_item('mssql/installs/' + path + '/NamedInstance');
extra['local_db'] = get_kb_item('mssql/installs/' + path + '/localdb');
share = hotfix_path2share(path:path);
extra['is_accessible_share'] = is_accessible_share(share:share);
register_install(
vendor : "Microsoft",
product : "SQL Server",
app_name : app,
vendor : 'Microsoft',
product : 'SQL Server',
sw_edition : editiontype,
target_hw : arch,
version : version,
product_version : product_version,
path : path,
cpe : cpe,
files : files_info,
extra : extra
);
# build the report
if (!empty_or_null(verbose_version))
{
version += ' (' + verbose_version + ')';
report += ' Version : ' + version + '\n';
}
else
{
report += ' Version : ' + version + '\n';
}
if (!empty_or_null(edition))
report += ' Edition : ' + edition + '\n';
if (!empty_or_null(path))
report += ' Path : ' + path + '\n';
if (!empty_or_null(named_instance))
report += ' Named Instance : ' + named_instance + '\n';
# Check for recommended version
version = split(version, sep:".", keep:FALSE);
# MSSQL <= 7
lv = split (last_version7, sep:".", keep:FALSE);
if ( (int(version[0]) < int(lv[0])) ||
( (int(version[0]) == int(lv[0])) && (int(version[1]) == int(lv[1])) && (int(version[2]) < int(lv[2])) ) )
report += " Recommended Version : " + last_version7 + " (" + version7[last_version7] + ').\n';
# MSSQL 2000
lv = split (last_version8, sep:".", keep:FALSE);
if ( (int(version[0]) == int(lv[0])) &&
(int(version[1]) == int(lv[1])) &&
(int(version[2]) < int(lv[2])) )
report += " Recommended Version : " + last_version8 + " (" + version8[last_version8] + ').\n';
# MSSQL 2005
lv = split (last_version9, sep:".", keep:FALSE);
if ( (int(version[0]) == int(lv[0])) &&
(int(version[1]) == int(lv[1])) &&
(int(version[2]) < int(lv[2])) )
report += " Recommended Version : " + last_version9 + " (" + version9[last_version9] + ').\n';
# MSSQL 2008
lv = split (last_version10, sep:".", keep:FALSE);
if ( (int(version[0]) == int(lv[0])) &&
(int(version[1]) == int(lv[1])) &&
(int(version[2]) < int(lv[2])) )
report += " Recommended Version : " + last_version10 + " (" + version10[last_version10] + ').\n';
# MSSQL 2008 R2
lv = split (last_version10_50, sep:".", keep:FALSE);
if ( (int(version[0]) == int(lv[0])) &&
(int(version[1]) == int(lv[1])) &&
(int(version[2]) < int(lv[2])) )
report += " Recommended Version : " + last_version10_50 + " (" + version10_50[last_version10_50] + ').\n';
# MSSQL 2012
lv = split (last_version11, sep:".", keep:FALSE);
if ( (int(version[0]) == int(lv[0])) &&
(int(version[1]) == int(lv[1])) &&
(int(version[2]) < int(lv[2])) )
report += " Recommended Version : " + last_version11 + " (" + version11[last_version11] + ').\n';
# MSSQL 2014
lv = split (last_version12, sep:".", keep:FALSE);
if ( (int(version[0]) == int(lv[0])) &&
(int(version[1]) == int(lv[1])) &&
(int(version[2]) < int(lv[2])) )
report += " Recommended Version : " + last_version12 + " (" + version12[last_version12] + ').\n';
# MSSQL 2016
lv = split (last_version16, sep:".", keep:FALSE);
if ( (int(version[0]) == int(lv[0])) &&
(int(version[1]) == int(lv[1])) &&
(int(version[2]) < int(lv[2])) )
report += " Recommended Version : " + last_version16 + " (" + version16[last_version16] + ').\n';
report += '\n';
}
if (report != '')
{
set_kb_item(name:"mssql/installed", value:TRUE);
if (report_verbosity > 0) security_report_v4(port:port, severity:SECURITY_NOTE, extra:report);
else security_report_v4(port:port, severity:SECURITY_NOTE);
}
else
{
audit(AUDIT_NOT_INST, 'Microsoft SQL Server');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | sql_server | cpe:/a:microsoft:sql_server |