[NT] Vulnerabilities in Microsoft SQL Server Allows Elevation of Privilege (MS08-040)
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 9 Jul 2008 14:16:04 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Vulnerabilities in Microsoft SQL Server Allows Elevation of Privilege
(MS08-040)
------------------------------------------------------------------------
SUMMARY
This security update resolves four privately disclosed vulnerabilities.
The more serious of the vulnerabilities could allow an attacker to run
code and to take complete control of an affected system. An authenticated
attacker could then install programs; view, change, or delete data; or
create new accounts with full administrative rights.
This security update is rated Important for supported releases of SQL
Server 7.0, SQL Server 2000, SQL Server 2005, Microsoft Data Engine (MSDE)
1.0, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL
Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine
(WMSDE), and Windows Internal Database (WYukon). For more information, see
the subsection, Affected and Non-Affected Software, in this section.
DETAILS
Affected Software:
*
<http://www.microsoft.com/downloads/details.aspx?familyid=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0> SQL Server 7.0 Service Pack 4 (KB948113) - <http://www.microsoft.com/downloads/details.aspx?familyid=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0> SQL Server 7.0 Service Pack 4 (KB948113) - Elevation of Privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=4FD1F86A-94A2-43D8-9B0A-774C81426D9E> SQL Server 2000 Service Pack 4 (KB948110) - <http://www.microsoft.com/downloads/details.aspx?familyid=8316BC5E-8C2D-4710-8ACC-B815CCC81CD4> SQL Server 2000 Service Pack 4 (KB948111) - Elevation of Privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=4FD1F86A-94A2-43D8-9B0A-774C81426D9E> SQL Server 2000 Itanium-based Edition Service Pack 4 (KB948110) - <http://www.microsoft.com/downloads/details.aspx?familyid=8316BC5E-8C2D-4710-8ACC-B815CCC81CD4> SQL Server 2000 Itanium-based Edition Service Pack 4 (KB948111) - Elevation of Privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7> SQL Server 2005 Service Pack 2 (KB948109) - <http://www.microsoft.com/downloads/details.aspx?familyid=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3> SQL Server 2005 Service Pack 2 (KB948108) - Elevation of Privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7> SQL Server 2005 x64 Edition Service Pack 2 (KB948109) - <http://www.microsoft.com/downloads/details.aspx?familyid=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3> SQL Server 2005 x64 Edition Service Pack 2 (KB948108) - Elevation of Privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7> SQL Server 2005 with SP2 for Itanium-based Systems (KB948109) - <http://www.microsoft.com/downloads/details.aspx?familyid=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3> SQL Server 2005 with SP2 for Itanium-based Systems (KB948108) - Elevation of Privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0> Microsoft Data Engine (MSDE) 1.0 Service Pack 4 (KB948113) - <http://www.microsoft.com/downloads/details.aspx?familyid=C95B2CB3-51A4-44E4-B9F4-9416E9CE16A0> Microsoft Data Engine (MSDE) 1.0 Service Pack 4 (KB948113) - Elevation of Privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=4FD1F86A-94A2-43D8-9B0A-774C81426D9E> Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4 (KB948110) - <http://www.microsoft.com/downloads/details.aspx?familyid=8316BC5E-8C2D-4710-8ACC-B815CCC81CD4> Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4 (KB948111) - Elevation of Privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7> Microsoft SQL Server 2005 Express Edition Service Pack 2 (KB948109) - <http://www.microsoft.com/downloads/details.aspx?familyid=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3> Microsoft SQL Server 2005 Express Edition Service Pack 2 (KB948108) - Elevation of Privilege - Important - None
*
<http://www.microsoft.com/downloads/details.aspx?familyid=4C9851CC-2C4C-4190-872C-84993A7623B7> Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2 (KB948109) - <http://www.microsoft.com/downloads/details.aspx?familyid=A60BB7E7-EF4E-4CBD-B63A-0AD7BD1402B3> Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2 (KB948108) - Elevation of Privilege - Important - None
Windows Components:
* Microsoft Windows 2000 Service Pack 4 -
<http://www.microsoft.com/downloads/details.aspx?familyid=1c0ae18b-1f17-44b3-a337-b36e7de437a7> Microsoft SQL Server 2000 Desktop Engine (WMSDE) (KB948110) - Elevation of Privilege - Important - None
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack
2 -
<http://www.microsoft.com/downloads/details.aspx?familyid=1c0ae18b-1f17-44b3-a337-b36e7de437a7> Microsoft SQL Server 2000 Desktop Engine (WMSDE) (KB948110) - Elevation of Privilege - Important - None
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack
2 -
<http://www.microsoft.com/downloads/details.aspx?familyid=48f6aaa5-49fc-4a16-bc34-8514e214b8cf> Windows Internal Database (WYukon) Service Pack 2 (KB948109) - Elevation of Privilege - Important - None
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?familyid=1c0ae18b-1f17-44b3-a337-b36e7de437a7> Microsoft SQL Server 2000 Desktop Engine (WMSDE) (KB948110) - Elevation of Privilege - Important - None
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?familyid=48f6aaa5-49fc-4a16-bc34-8514e214b8cf> Windows Internal Database (WYukon) x64 Edition Service Pack 2 (KB948109) - Elevation of Privilege - Important - None
* Windows Server 2008 for 32-bit Systems* -
<http://www.microsoft.com/downloads/details.aspx?familyid=48f6aaa5-49fc-4a16-bc34-8514e214b8cf> Windows Internal Database (WYukon) Service Pack 2 (KB948109) - Elevation of Privilege - Important - None
* Windows Server 2008 for x64-based Systems* -
<http://www.microsoft.com/downloads/details.aspx?familyid=48f6aaa5-49fc-4a16-bc34-8514e214b8cf> Windows Internal Database (WYukon) x64 Edition Service Pack 2 (KB948109) - Elevation of Privilege - Important - None
*Windows Server 2008 server core installation affected. For supported
editions of Windows Server 2008, this update applies, with the same
severity rating, whether or not Windows Server 2008 was installed using
the Server Core installation option.
Memory Page Reuse Vulnerability - CVE-2008-0085
An information disclosure vulnerability exists in the way that SQL Server
manages memory page reuse. An attacker with database operator access who
successfully exploited this vulnerability could access customer data.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0085>
CVE-2008-0085
Convert Buffer Overrun - CVE-2008-0086
A vulnerability exists in the convert function in SQL Server that could
allow an authenticated attacker to gain elevation of privilege. An
attacker who successfully exploited this vulnerability could run code and
take complete control of the system.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086>
CVE-2008-0086
SQL Server Memory Corruption Vulnerability - CVE-2008-0107
A vulnerability exists in SQL Server that could allow an authenticated
attacker to gain elevation of privilege. An attacker who successfully
exploited this vulnerability could run code and take complete control of
the system.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0107>
CVE-2008-0107
SQL Server Buffer Overrun Vulnerability - CVE-2008-0106
A vulnerability exists in SQL Server that could allow an authenticated
attacker to gain elevation of privilege. An attacker who successfully
exploited this vulnerability could run code and take complete control of
the system.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0106>
CVE-2008-0106
ADDITIONAL INFORMATION
The information has been provided by Microsoft Product Security.
The original article can be found at:
<http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx>
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [UNIX] Libpoppler Uninitialized Pointer (Technical Details, PoC)
- Next by Date: [NT] Vulnerabilities in Outlook Web Access for Exchange Server Allows Elevation of Privilege (MS08-039)
- Previous by thread: [UNIX] Libpoppler Uninitialized Pointer (Technical Details, PoC)
- Next by thread: [NT] Vulnerabilities in Outlook Web Access for Exchange Server Allows Elevation of Privilege (MS08-039)
- Index(es):
Relevant Pages
|
