Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2022 Tenable Network Security, Inc.SMB_NT_MS08-040.NASL
HistoryJul 08, 2008 - 12:00 a.m.

MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

2008-07-0800:00:00
This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.
www.tenable.com
67
JSON

The remote host is running a version of Microsoft SQL Server, Desktop Engine or Internal Database that is vulnerable to multiple memory corruption issues.

These vulnerabilities may allow an attacker to gain elevates privileges on the server.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(33444);
  script_version("1.32");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");

  script_cve_id(
    "CVE-2008-0085",
    "CVE-2008-0086",
    "CVE-2008-0106",
    "CVE-2008-0107"
  );
  script_bugtraq_id(
    30082,
    30083,
    30118,
    30119
  );
  script_xref(name:"MSFT", value:"MS08-040");
  script_xref(name:"MSKB", value:"941203");

  script_name(english:"MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Microsoft SQL Server install is vulnerable to memory
corruption flaws.");
  script_set_attribute(attribute:"description", value:
"The remote host is running a version of Microsoft SQL Server, Desktop
Engine or Internal Database that is vulnerable to multiple memory
corruption issues.

These vulnerabilities may allow an attacker to gain elevates
privileges on the server.");
  script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-040");
  script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for SQL Server 7, 2000 and
2005.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 189, 200);

  script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sql_server");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:data_engine");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.");

  script_dependencies("smb_hotfixes.nasl", "mssql_version.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, 1433, "Services/mssql", "Host/patch_management_checks");

  exit(0);
}

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS08-040';
kb       = '941203';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

ver_list = get_kb_list("mssql/installs/*/SQLVersion");
if (isnull(ver_list)) audit(AUDIT_NOT_INST, "Microsoft SQL Server");

vuln = FALSE;

foreach item (keys(ver_list))
{
  item -= 'mssql/installs/';
  item -= '/SQLVersion';
  rootfile = item;

  share = hotfix_path2share(path:rootfile);
  if (!is_accessible_share(share:share)) continue;

  if ( ( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2000.80.2050.0", min_version:"2000.80.2000.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) ||
       ( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2000.80.2273.0", min_version:"2000.80.2200.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) ||
       ( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2000.99.4.0", min_version:"2000.90.0.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) ||
       ( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2005.90.3068.0", min_version:"2005.90.3000.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) ||
       ( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2005.90.3233.0", min_version:"2005.90.3200.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) )
  {
    set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
    hotfix_security_hole();
    vuln = TRUE;
  }
}
hotfix_check_fversion_end();
if (!vuln) audit(AUDIT_HOST_NOT, 'affected');
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows
microsoftsql_servercpe:/a:microsoft:sql_server
microsoftdata_enginecpe:/a:microsoft:data_engine

Related

securityvulns 3
openvas 4
nessus 3
mskb 1
cert 1
prion 4
checkpoint_advisories 4
cve 4
seebug 1
securityvulns
securityvulns
Microsoft SQL Server multiple security vulnerabilities
2008-07-10 00:00:00
Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
2008-07-09 00:00:00
iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability
2008-07-10 00:00:00
openvas
openvas
MS SQL Server Elevation of Privilege Vulnerabilities (941203)
2008-10-14 00:00:00
MS SQL Server Elevation of Privilege Vulnerabilities (941203)
2008-10-14 00:00:00
VMware ESXi/ESX Third party component updates (VMSA-2011-0003.2)
2012-03-16 00:00:00
nessus
nessus
MS08-040: Microsoft SQL Server Multiple Privilege Escalation (941203) (uncredentialed check)
2008-09-29 00:00:00
VMware ESX / ESXi Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0003) (remote check)
2016-03-04 00:00:00
VMSA-2011-0003 : Third-party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
2011-02-14 00:00:00
mskb
mskb
KB941203 - MS08-040: Vulnerabilities in Microsoft SQL Server could allow elevation of privilege
2020-10-20 07:12:26
cert
cert
Multiple DNS implementations vulnerable to cache poisoning
2008-07-08 00:00:00
prion
prion
Buffer overflow
2008-07-08 23:41:00
Buffer overflow
2008-07-08 23:41:00
Integer overflow
2008-07-08 23:41:00
checkpoint_advisories
checkpoint_advisories
Update Protection against Microsoft SQL Server Convert Function Buffer Overrun Vulnerability (MS08-040)
2008-07-18 00:00:00
Microsoft SQL Server CONVERT Function Buffer Overflow (MS08-040; CVE-2008-0086)
2009-10-25 00:00:00
Microsoft SQL Server INSERT Statement Buffer Overflow (MS08-040; CVE-2008-0106)
2009-11-04 00:00:00
cve
cve
CVE-2008-0086
2008-07-08 23:41:00
CVE-2008-0106
2008-07-08 23:41:00
CVE-2008-0107
2008-07-08 23:41:00
seebug
seebug
Microsoft SQL Server磁盘数据结构整数溢出漏洞(MS08-040)
2008-07-10 00:00:00
JSON
Related for SMB_NT_MS08-040.NASL
securityvulns3openvas4nessus3mskb1cert1prion4checkpoint_advisories4cve4seebug1