Vigil@nce: Microsoft SQL Server privilege elevation via sp_replwritetovarbin
December 2008 by Vigil@nce
An attacker can use sp_replwritetovarbin to corrupt the memory in
order to execute code with privileges of SQL Server.
– Gravity: 2/4
– Consequences: privileged access/rights
– Provenance: user account
– Means of attack: 1 attack
– Ability of attacker: technician (2/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 09/12/2008
– Revision date: 10/12/2008
IMPACTED PRODUCTS
– Microsoft SQL Server
DESCRIPTION
The sp_replwritetovarbin stored procedure is used during the
replication.
When the fifth parameter of sp_replwritetovarbin is malformed, a
memory corruption occurs.
An authenticated attacker can therefore corrupt the memory in
order to execute code with privileges of SQL Server.
CHARACTERISTICS
– Identifiers: BID-32710, CVE-2008-5416, SA-20081109-0,
VIGILANCE-VUL-8299
– Url: http://vigilance.fr/vulnerability/8299