Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Bernhard Mueller (researchsec-consult.com)
Date: Wed Dec 10 2008 - 06:45:02 CST
Update to SEC Consult Security Advisory 20081210-0
(Microsoft SQL Server sp_replwritetovarbin limited memory overwrite
By calling the extended stored procedure sp_replwritetovarbin, an
attacker can write limited values to arbitrary locations in process
memory. This vulnerability has been described in a prior security
advisory for MS SQL Server 2000:
Moreno Zilli of Swisscom has reported that MS SQL Server 2005 is
vulnerable to the same attack. This has been confirmed in a lab test
conducted by SEC Consult.
Our public security advisory has been updated accordingly:
Remove the sp_replwriterovarbin extended stored procedure. Run the
following as an administrator:
execute dbo.sp_dropextendedproc 'sp_replwritetovarbin'
"Removing an Extended Stored Procedure from SQL Server"
According to an email received by Microsoft in September, a fix for this
vulnerability has been completed.
The release schedule for this fix is currently unknown.
Vendor notified: 2008-04-17
Vendor response: 2008-04-17
Last response from Microsoft: 09-29-2008
Request for update status 1: 10-14-2008
Request for update status 2: 10-29-2008
Request for update status 3: 11-12-2008
Request for update status 4
and prenotification about advisory release date: 11-28-2008
Public release: 12-09-2008
Update (added MS-SQL 2005): 12-10-2008
SEC Consult Unternehmensberatung GmbH
Tel.: +43 / 1 / 890 30 43 - 0
Fax.: +43 / 1 / 890 30 43 - 25
Mail: research at sec-consult dot com
EOF Bernhard Mueller / 2008
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/