Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability

2008-12-0900:00:00

Symantec Security Response

www.symantec.com

JSON

Description

Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions. The issue affects the following: Microsoft SQL Server 2000 Microsoft SQL Server 2005

Technologies Affected

Microsoft SQL Server 2000 8.00.194
Microsoft SQL Server 2000
Microsoft SQL Server 2000 Desktop Engine
Microsoft SQL Server 2000 Desktop Engine
Microsoft SQL Server 2000 Desktop Engine SP1
Microsoft SQL Server 2000 Desktop Engine SP2
Microsoft SQL Server 2000 Desktop Engine SP3
Microsoft SQL Server 2000 Desktop Engine SP4
Microsoft SQL Server 2000 Itanium Edition
Microsoft SQL Server 2000 Itanium Edition SP1
Microsoft SQL Server 2000 Itanium Edition SP2
Microsoft SQL Server 2000 Itanium Edition SP3
Microsoft SQL Server 2000 Itanium Edition SP4
Microsoft SQL Server 2000 SP1
Microsoft SQL Server 2000 SP2
Microsoft SQL Server 2000 SP3
Microsoft SQL Server 2000 SP4
Microsoft SQL Server 2000 Sp3a
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Backward Compatibility 8.05.1054
Microsoft SQL Server 2005 Books Online 9.00.1399.06
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2005 Express Edition SP1
Microsoft SQL Server 2005 Express Edition SP2
Microsoft SQL Server 2005 Express Edition with Advanced Serv SP1
Microsoft SQL Server 2005 Express Edition with Advanced Serv SP2
Microsoft SQL Server 2005 Integration Services 9.1.2047.00
Microsoft SQL Server 2005 Itanium Edition
Microsoft SQL Server 2005 Itanium Edition SP1
Microsoft SQL Server 2005 Itanium Edition SP2
Microsoft SQL Server 2005 Reporting Services 9.00.1399.06
Microsoft SQL Server 2005 SP1
Microsoft SQL Server 2005 SP2
Microsoft SQL Server 2005 Tools 9.00.1399.06
Microsoft SQL Server 2005 Upgrade Advisor 9.00.2407.00
Microsoft SQL Server 2005 Yukon
Microsoft SQL Server 2005 x64 Edition SP1
Microsoft SQL Server 2005 x64 Edition SP2
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Server SP4
Microsoft Windows Internal Database (WYukon)
Microsoft Windows Internal Database (WYukon) SP1
Microsoft Windows Internal Database (WYukon) SP2
Microsoft Windows Internal Database (WYukon) x64
Microsoft Windows Internal Database (WYukon) x64 SP1
Microsoft Windows Internal Database (WYukon) x64 SP2
VMWare Vcenter Update Manager 1.0
VMWare Vcenter Update Manager 4.0
VMWare Vcenter Update Manager 4.1
VMWare VirtualCenter 2.5
VMWare VirtualCenter 2.5 Update 1
VMWare VirtualCenter 2.5 Update 2
VMWare VirtualCenter 2.5 Update 4
VMWare VirtualCenter 2.5 Update 5
VMWare VirtualCenter 2.5 Update 6
VMWare VirtualCenter 2.5.Update 3 Build 11983
VMWare vCenter 4.0
VMWare vCenter 4.1

Recommendations

Disallow anonymous access to services. Permit access for trusted individuals only.
Permitting access only for trusted individuals will greatly reduce the likelihood of attacks.

Run all software as a nonprivileged user with minimal access rights.
To mitigate the impact of a successful exploit, run the affected application as a user with minimal access rights.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.

Implement multiple redundant layers of security.
Since this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploit attempts of memory-corruption vulnerabilities.

Vendor updates are available. Please see the references for more information.

CPENameOperatorVersion
vmware virtualcentereq2.5 
vmware virtualcentereq2.5 Update 5 
vmware vcentereq4.0 
microsoft windowseq2000 Datacenter Server SP4 
microsoft sql servereq2000 
microsoft sql servereq2005 x64 Edition SP2 
microsoft sql servereq2000 Desktop Engine SP4 
microsoft sql servereq2000 Desktop Engine SP2 
microsoft sql servereq2000 SP1 
microsoft sql servereq2000 8.00.194 

Name	Operator	Version
vmware virtualcenter	eq	2.5
vmware virtualcenter	eq	2.5 Update 5
vmware vcenter	eq	4.0
microsoft windows	eq	2000 Datacenter Server SP4
microsoft sql server	eq	2000
microsoft sql server	eq	2005 x64 Edition SP2
microsoft sql server	eq	2000 Desktop Engine SP4
microsoft sql server	eq	2000 Desktop Engine SP2
microsoft sql server	eq	2000 SP1
microsoft sql server	eq	2000 8.00.194

Rows per page:

1-10 of 541

References

blogs.technet.com/msrc/archive/2008/12/23/tuesday-12-23-update-microsoft-security-advisory-961040.aspx

blogs.technet.com/swi/archive/2008/12/22/more-information-about-the-sql-stored-procedure-vulnerability.aspx

support.microsoft.com/kb/961040

www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt

JSON