Published: 2008-12-28T09:09+00:00
Last Updated: 2009-02-14T02:51+00:00
JVNTR-2008-09
Microsoft SQL Server fails to properly validate parameters to the sp_replwritetovarbin extended stored procedure
Overview
A vulnerability in the Microsoft SQL Server sp_replwritetovarbin extended stored procedure could allow an authenticated attacker to execute arbitrary code on an affected server.
Event Information
Date (UTC) | Description |
2009-02-10 21:51 | Microsoft: Microsoft Security Advisory (961040): Vulnerability in SQL Server Could Allow Remote Code Execution. SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability (MS09-004, CVE-2008-5416). Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-004 to address this issue. |
2008-12-23 22:50 | Symantec ThreatCON: (2) => (1). Microsoft released Security Advisory 961040 to acknowledge a vulnerability affecting SQL Server that was originally disclosed on December 9, 2008. Users are advised to review the advisory and apply the suggested workaround. |
2008-12-23 14:13 | SANS Internet Storm Center: MS ACK's Vulnerability in SQL Server which Could Allow Remote Code Execution. According to published reports, the vulnerability was reported to Microsoft in April and "a fix for this vulnerability has been completed", but there's no patch release date mentioned at this time. Exploit code is available. |
2008-12-23 12:29 | US-CERT: Microsoft Releases Security Advisory (961040). US-CERT Current Activity. Microsoft has released Security Advisory 961040 to address reports of attacks against a new vulnerability in Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine, Microsoft SQL Server 2000 Desktop Engine, and Windows Internal Database. |
2008-12-23 06:59 | Microsoft: Microsoft Security Advisory (961040): Vulnerability in SQL Server Could Allow Remote Code Execution. Advisory published. Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). |
2008-12-23 04:51 | Microsoft Security Response Center Blog: Tuesday 12/23 Update: Microsoft Security Advisory 961040. In the advisory we provide a workaround to help customers protect themselves from attackers trying to exploit this vulnerability. |
2008-12-22 03:34 | Microsoft Security Response Center Blog: Microsoft Security Advisory 961040. This advisory contains information regarding public reports of a vulnerability in SQL Server that could allow for remote code execution. We are aware that exploit code has been published on the Internet; however, we are not aware of any attacks attempting to use the reported vulnerability. |
2008-12-17 | Bugtraq: Microsoft SQL Server sp_replwritetovarbin() Heap Overflow Exploit. sp_replwritetovarbin stored procedure vulnerability (CVE-2008-4270). #Cid: 32710.html #Tested: Windows 2000 SP4 + SQL Server 2000 #Tested: cpe:/o:microsoft:windows_2000::sp4 + cpe:/a:microsoft:sql_server:2000 |
2008-12-09 12:16 | Bugtraq: Microsoft SQL Server sp_replwritetovarbin limited memory overwrite vulnerability. sp_replwritetovarbin stored procedure vulnerability (CVE-2008-4270). #Cid: 32710.sql #Tested: SQL Server 2000 #Tested: SQL Server 2005 #Tested: cpe:/a:microsoft:sql_server:2000 #Tested: cpe:/a:microsoft:sql_server:2005 |
2008-04-17 | SEC Consult: SA-20081209: Microsoft SQL Server sp_replwritetovarbin limited memory overwrite vulnerability. Vulnerability Reported. By calling the extended stored procedure sp_replwritetovarbin, and supplying several uninitialized variables as parameters, it is possible to trigger a memory write to a controlled location. Depending on the underlying Windows version, it is / may be possible to use this vulnerability to execute arbitrary code in the context of the vulnerable SQL server process. |