Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203) |
Information | |||
---|---|---|---|
Name | MS08-040 | First vendor Publication | 2008-07-08 |
Vendor | Microsoft | Last vendor Modification | 2009-03-18 |
Severity (Vendor) | Important | Revision | 1.9 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 8 | Authentication | Requires single instance |
Detail
Revision Note: V1.9 (March 18, 2009): Corrected product instance names from "ADMT" and "ADS" to "MS_ADMT" and "MicrosoftADS", respectively. These are instance names referenced in the Security Update Deployment section for the Microsoft SQL Server 2000 Desktop Engine (WMSDE). This is an informational change only that does not affect the files contained in the update. Customers who have successfully updated their systems do not need to reinstall this update.

Summary: This security update resolves four privately disclosed vulnerabilities. The more serious of the vulnerabilities could allow an attacker to run code and to take complete control of an affected system. An authenticated attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS08-040.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25 % | CWE-200 | Information Exposure |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13785
Oval ID: | oval:org.mitre.oval:def:13785 |
Title: | Buffer Overrun Vulnerability in SQL Server |
Description: | Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement. |
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0106 | Version: | 7 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008 | Product(s): | Microsoft SQL Server 2005 |
Definition Id: oval:org.mitre.oval:def:13936
Oval ID: | oval:org.mitre.oval:def:13936 |
Title: | Memory Corruption Vulnerability in SQL Server |
Description: | Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability." |
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0107 | Version: | 8 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008 | Product(s): | Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2000 Desktop Engine (WMSDE), Windows Internal Database (WYukon) |
Definition Id: oval:org.mitre.oval:def:14052
Oval ID: | oval:org.mitre.oval:def:14052 |
Title: | Convert Buffer Overrun Vulnerability in SQL Server |
Description: | Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression. |
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0086 | Version: | 4 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008 | Product(s): | Microsoft SQL Server 2000, Microsoft SQL Server 2000 Desktop Engine (WMSDE) |
Definition Id: oval:org.mitre.oval:def:14213
Oval ID: | oval:org.mitre.oval:def:14213 |
Title: | Memory Page Reuse Vulnerability in SQL Server |
Description: | SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse. |
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0085 | Version: | 8 |
Platform(s): | Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008 | Product(s): | Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2000 Desktop Engine (WMSDE), Windows Internal Database (WYukon) |
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2008-10-14 | Name : MS SQL Server Elevation of Privilege Vulnerabilities (941203) File : nvt/gb_ms08-040.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46773 | Microsoft SQL Server Memory Page Reuse Information Disclosure |
46772 | Microsoft SQL Server Convert Function Overflow |
46771 | Microsoft SQL Server Stored Backup File Processing Memory Corruption Arbitrar... |
46770 | Microsoft SQL Server Crafted Insert Statement Overflow |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | MSSQL CONVERT function unicode buffer overflow attempt RuleID : 21085 - Revision : 3 - Type : SERVER-MSSQL |
2014-01-10 | MSSQL CONVERT function buffer overflow attempt RuleID : 21084 - Revision : 3 - Type : SERVER-MSSQL |
2014-01-10 | Microsoft SQL Server INSERT Statement Buffer Overflow attempt RuleID : 17307 - Revision : 7 - Type : SERVER-MSSQL |
2014-01-10 | Suspicious ansi_padding option RuleID : 16075 - Revision : 7 - Type : SQL |
2014-01-10 | Suspicious ansi_padding option RuleID : 16074 - Revision : 4 - Type : SQL |
2014-01-10 | MS-SQL convert function unicode overflow RuleID : 16073 - Revision : 8 - Type : OS-WINDOWS |
2014-01-10 | Microsoft SQL server MTF file download RuleID : 13896 - Revision : 14 - Type : SERVER-MSSQL |
2014-01-10 | Convert function style overwrite RuleID : 13892 - Revision : 9 - Type : SERVER-MSSQL |
2014-01-10 | Memory page overwrite attempt RuleID : 13891 - Revision : 10 - Type : SERVER-MSSQL |
2014-01-10 | Microsoft SQL Server Backup Database File integer overflow attempt RuleID : 13890 - Revision : 13 - Type : FILE-OTHER |
2014-01-10 | Microsoft SQL Server Backup Database File integer overflow attempt RuleID : 13889 - Revision : 13 - Type : FILE-OTHER |
2014-01-10 | Microsoft SQL Server Backup Database File integer overflow attempt RuleID : 13888 - Revision : 13 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
2008-09-29 | Name : The remote SQL server is affected by multiple vulnerabilities. File : smb_kb941203.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Microsoft SQL Server install is vulnerable to memory corruption fl... File : smb_nt_ms08-040.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:46:00 | |
2014-01-19 21:30:13 | |
2013-05-11 00:49:21 | |