In association with heise online

09 December 2008, 15:30

Security vulnerability found in MS SQL Server 2000


A vulnerability has been found in Microsoft's SQL Server 2000 that would allow an attacker to remotely execute code on the server. According to security consultants SEC Consult, the cause of the problem is a bug in the program's memory management. By calling the extended stored procedure sp_replwritetovarbin and supplying several uninitialised variables as parameters, it is possible to trigger a memory write to a controlled location. The report claims the success of an attack depends on the version of Windows being used. SEC Consult says it has developed an exploit that has successfully executed arbitrary code on a lab machine.

In a default configuration, the procedure is accessible by any authenticated user. In theory, the vulnerability can also be exploited via SQL injection in a vulnerable web application. SEC Consult says Microsoft has been aware of the problem since April this year. Despite the promise of a patch by September, a release date for the patch remains uncertain. SEC Consult recommends removing the vulnerable procedure by running execute dbo.sp_dropextendedproc 'sp_replwritetovarbin'.
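The recommended removal, wrapped in a check-before and verify-after sequence, as an added example that is not part of the original article or SEC Consult's advisory. It assumes a sysadmin session on the affected SQL Server 2000 instance and uses the sysobjects table and sp_helprotect to show the current state.

```sql
-- Added example: audit, remove and verify sp_replwritetovarbin.
-- Assumption: run as a sysadmin against the master database.
USE master
GO

-- 1. Is the extended stored procedure registered?
--    xtype 'X' marks an extended stored procedure in sysobjects.
SELECT name, xtype, crdate
FROM dbo.sysobjects
WHERE name = 'sp_replwritetovarbin' AND xtype = 'X'
GO

-- 2. Who is allowed to execute it? A grant to 'public' matches the
--    default configuration described above (any authenticated user).
--    This batch raises an error if the procedure is already gone.
EXEC sp_helprotect 'sp_replwritetovarbin'
GO

-- 3. Remove the procedure only if it is still registered, so the
--    script can be re-run safely across many instances.
IF EXISTS (SELECT 1 FROM dbo.sysobjects
           WHERE name = 'sp_replwritetovarbin' AND xtype = 'X')
BEGIN
    EXEC dbo.sp_dropextendedproc 'sp_replwritetovarbin'
    PRINT 'sp_replwritetovarbin dropped'
END
ELSE
    PRINT 'sp_replwritetovarbin not registered; nothing to do'
GO

-- 4. Verify: the count must be 0 after the drop.
SELECT COUNT(*) AS still_registered
FROM dbo.sysobjects
WHERE name = 'sp_replwritetovarbin' AND xtype = 'X'
GO
```

Record the output of steps 1 and 2 before the drop so the original registration and permissions are documented for each instance.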
