Microsoft SQL Server sp_replwritetovarbin Buffer Overflow

Added: 04/29/2009
CVE: CVE-2008-5416
BID: 32710
OSVDB: 50917

Background

Microsoft SQL Server is a database server package for Windows platforms.

Problem

A buffer overflow vulnerability in the sp_replwritetovarbin extended stored procedure allows remote, authenticated attackers to execute arbitrary commands by specifying invalid parameters.

Resolution

Apply the appropriate update referenced in the Microsoft MS09-004 Security Bulletin.

References

http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx
http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0304.html
http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt

Limitations

Exploit works against SQL Server 2000 SP4 and SQL Server 2005 SP0/SP1/SP2.
Exploit works on Windows 2000 SP4 or Windows 2003 SP0/SP1/SP2 with DEP enabled or disabled.

Exploit requires the login and password of a database user.
Alternatively, the vulnerable procedure can be reached through a SQL injection vulnerability.

Exploit requires the sqsh utility, which can be downloaded from http://www.sqsh.org/ or through a distribution repository.

Platforms

Windows Server 2003 SP2 / Windows Server 2003
Windows Server 2003 SP1
Windows Server 2003 SP0
Windows 2000