Insomnia : ISVA-080709.1 - Microsoft SQL Server - Corrupt Backup File Heap Overflow

Insomnia Security Vulnerability Advisory: ISVA-080709.1 Name: Microsoft SQL Server - Corrupt Backup File Heap Overflow Released: 09 July 2008 Vendor Link: http://www.microsoft.com/sql/default.mspx Affected Products: MS SQL Server 2005, possibly previous versions Original Advisory:...

iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability

iDefense Security Advisory 07.08.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 08, 2008 I. BACKGROUND SQL Server is Microsoft's database server product. It supports the restoration and inspection of backups via SQL statements. For more information see the vendor's website found at...

Microsoft SQL Server磁盘数据结构整数溢出漏洞（MS08-040）

BUGTRAQ ID: 30119 CVECAN ID: CVE-2008-0107 Microsoft SQL Server是一款流行的SQL数据库系统。 SQL Server负责解析存储备份数据的代码存在漏洞，该段代码从文件获得了代表记录大小的32位整数值用于计算所要读取到堆缓冲区的字节数。这个计算可能下溢，导致分配不充分的内存，之后的操作会触发溢出。 如果要利用这个漏洞，攻击者必须能够诱骗服务器加载特制的备份文件，可通过提交到远程文件的路径或使用SMB/WebDAV来实现。 Microsoft SQL Server 7.0 SP4 Microsoft SQL Server 2005...

Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

Microsoft Security Bulletin MS08-040 – Important Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege 941203 Published: July 8, 2008 Version: 1.0 General Information Executive Summary This security update resolves four privately disclosed vulnerabilities. The more serious of...

Design/Logic Flaw

SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine MSDE 2000 SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine WMSDE; Microsoft Data Engine MSDE 1.0 SP4; and Internal Database WYukon SP2 does not initialize memory pages when reallocating memory, which allows database...

CVE-2008-0107

Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine MSDE 2000 SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine WMSDE; Microsoft Data Engine MSDE 1.0 SP4; and Internal Database WYukon SP2 allows remote authenticated users to execute arbitrary code...

Buffer overflow

Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine MSDE 2000 SP4, and 2000 Desktop Engine WMSDE allows remote authenticated users to execute arbitrary code via a crafted SQL expression...

CVE-2008-0085

SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine MSDE 2000 SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine WMSDE; Microsoft Data Engine MSDE 1.0 SP4; and Internal Database WYukon SP2 does not initialize memory pages when reallocating memory, which allows database...

CVE-2008-0106

Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement...

CVE-2008-0086

Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine MSDE 2000 SP4, and 2000 Desktop Engine WMSDE allows remote authenticated users to execute arbitrary code via a crafted SQL expression...

Integer overflow

Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine MSDE 2000 SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine WMSDE; Microsoft Data Engine MSDE 1.0 SP4; and Internal Database WYukon SP2 allows remote authenticated users to execute arbitrary code...

Buffer overflow

Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement...

CVE-2008-0085

CVE-2008-0085 describes a memory handling flaw in multiple SQL Server products (SQL Server 7.0, 2000, 2005 and related Desktop Engine variants) where memory pages are not initialized during reallocations, enabling a potential disclosure of sensitive data via memory-page reuse. Connected Microsoft...

CVE-2008-0106

CVE-2008-0106 describes a buffer overflow in Microsoft SQL Server 2005 SP1/SP2 and SQL Server 2005 Express SP1/SP2 that could allow remote authenticated users to execute arbitrary code via a crafted insert statement. The connected KB article MS08-040 (KB941203) confirms Microsoft released a secur...

CVE-2008-0086

CVE-2008-0086 corresponds to vulnerabilities addressed by MS08-040. The Connected KB (KB941203) states MS08-040 resolves four privately disclosed vulnerabilities in Microsoft SQL Server products, with the more serious one enabling code execution and full system compromise if exploited. The CVE de...

CVE-2008-0107

Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine MSDE 2000 SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine WMSDE; Microsoft Data Engine MSDE 1.0 SP4; and Internal Database WYukon SP2 allows remote authenticated users to execute arbitrary code...

CVE-2008-0106

Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement...

CVE-2008-0085

SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine MSDE 2000 SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine WMSDE; Microsoft Data Engine MSDE 1.0 SP4; and Internal Database WYukon SP2 does not initialize memory pages when reallocating memory, which allows database...

CVE-2008-0107

CVE-2008-0107 is a memory corruption vulnerability in multiple SQL Server lineage components (SQL Server 7.0, SQL Server 2000/2005, MSDE/WYukon) triggered by a crafted on-disk file path supplied via SMB or WebDAV, leading to a heap-based buffer overflow. The flaw permits remote authenticated user...

CVE-2008-0086

Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine MSDE 2000 SP4, and 2000 Desktop Engine WMSDE allows remote authenticated users to execute arbitrary code via a crafted SQL expression...