CERTVU:584868Microsoft SQL Server vulnerable to buffer overflow
0.0004 Low
EPSS
Percentile
9.5%
Overview
Microsoft SQL Server contains a buffer overflow vulnerability. A local attacker could leverage this vulnerability to gain elevated privileges and/or execute arbitrary code.
Description
Quoting from Microsoft Security Bulletin MS03-031:
A flaw exists in a specific Windows function that may allow an authenticated user with direct access to log on to the system running SQL Server the ability create a specially crafted packet that, when sent to the listening local procedure call (LPC) port of the system, could cause a buffer overrun. If successfully exploited, this could allow a user with limited permissions on the system to elevate their permissions to the level of the SQL Server service account, or cause arbitrary code to run.
Impact
This vulnerability may allow a remote attacker to gain privileges equivalent to the SQL Server Service account, or execute arbitrary code with the privileges of the SQL Server Service. Quoting from Microsoft Security Bulletin MS03-031:
Code running with service account permissions could provide an attacker with the ability to take full control over the database and the data contained within it.
Solution
Apply a patch as described in Microsoft Security Bulletin MS03-031.
Vendor Information
584868
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Microsoft Corporation __ Affected
Updated: July 24, 2003
Status
Affected
Vendor Statement
<http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-031.asp>
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23584868 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://www.microsoft.com/security/security_bulletins/ms03-031.asp>
- <http://www.theage.com.au/articles/2003/07/24/1058853175217.html>
- <http://www.microsoft.com/technet/security/bulletin/MS03-031.asp>
- <http://www.infoworld.com/article/03/07/24/HNdirectxflaws_1.html>
- <http://www.atstake.com/research/advisories/2003/a072303-3.txt>
- <http://www.pcpro.co.uk/news/news_story.php?id=45274>
- <http://www.atnewyork.com/news/article.php/2239961>
- <http://news.bbc.co.uk/1/hi/technology/3092399.stm>
- <http://www.theregister.co.uk/content/55/31931.html>
- <http://news.com.com/2100-1002_3-5053428.html>
- <http://www.msnbc.com/news/943355.asp>
- <http://www.theinquirer.net/?article=10647>
Acknowledgements
This vulnerability was discovered by Andreas Junstream of @Stake. The CERT/CC thanks Microsoft for providing Microsoft Security Bulletin MS03-031, upon which the majority of this document is based.
This document was written by Ian A Finlay.
Other Information
| CVE IDs: | CVE-2003-0232 |
|---|---|
| Severity Metric: | 36.00 Date Public: |
References
news.bbc.co.uk/1/hi/technology/3092399.stm
news.com.com/2100-1002_3-5053428.html
www.atnewyork.com/news/article.php/2239961
www.atstake.com/research/advisories/2003/a072303-3.txt
www.infoworld.com/article/03/07/24/HNdirectxflaws_1.html
www.microsoft.com/security/security_bulletins/ms03-031.asp
www.microsoft.com/technet/security/bulletin/MS03-031.asp
www.msnbc.com/news/943355.asp
www.pcpro.co.uk/news/news_story.php?id=45274
www.theage.com.au/articles/2003/07/24/1058853175217.html
www.theinquirer.net/?article=10647
www.theregister.co.uk/content/55/31931.html
Related
