Vulnerability CVE-2008-0107 - CERT Civis.Net

Vulnerability Name:

CVE-2008-0107 (CCN-41461)

Assigned:

2008-07-08

Published:

2008-07-08

Updated:

2019-02-26

Summary:

Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."

CVSS v3 Severity:

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
6.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2008-0107

Source: CCN
Type: HP Security Bulletin HPSBST02350 SSRT080102 rev.1
Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-037 to MS08-040

Source: IDEFENSE
Type: UNKNOWN
20080708 Microsoft SQL Server Restore Integer Underflow Vulnerability

Source: CCN
Type: SA30970
Microsoft SQL Server and MSDE Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
30970

Source: CCN
Type: SA43206
VMware vCenter Server / Update Manager SQL Express Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1020441
Microsoft SQL Server Bugs Let Remote Authenticated Users Obtain Information and Execute Arbitrary Code

Source: CCN
Type: ASA-2008-291
MS08-040 Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

Source: CCN
Type: NORTEL BULLETIN ID: 2008008958, Rev 1
Centrex IP Client Manager (CICM) response to Microsoft July security bulletin

Source: CCN
Type: Insomnia Security Vulnerability Advisory: ISVA-080709.1
Microsoft SQL Server - Corrupt Backup File Heap Overflow

Source: MISC
Type: UNKNOWN
http://www.insomniasec.com/advisories/ISVA-080709.1.htm

Source: CCN
Type: Microsoft Security Bulletin MS08-040
Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)

Source: CCN
Type: Microsoft Security Bulletin MS09-004
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)

Source: BUGTRAQ
Type: UNKNOWN
20080708 Re: [Full-disclosure] iDefense Security Advisory 07.08.08: Microsoft SQL Server Restore Integer Underflow Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

Source: BID
Type: UNKNOWN
30119

Source: CCN
Type: BID-30119
Microsoft SQL Server On-Disk MTF Data Structures Remote Memory Corruption Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020441

Source: CERT
Type: US Government Resource
TA08-190A

Source: CCN
Type: VMSA-2011-0003
Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

Source: VUPEN
Type: Vendor Advisory
ADV-2008-2022

Source: MS
Type: UNKNOWN
MS08-040

Source: XF
Type: UNKNOWN
mssql-data-structure-bo(41461)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 07.08.08
Microsoft SQL Server Restore Integer Underflow Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:13936

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2000:sp4:itanium:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp1:express:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp1:itanium:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp1:x64:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp2:express:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*

OR cpe:/a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*

Configuration 2:

cpe:/a:microsoft:wmsde:2000:*:*:*:*:*:*:*

OR cpe:/a:microsoft:wyukon:*:sp2:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*

Configuration 3:

cpe:/a:microsoft:wmsde:2000:*:*:*:*:*:*:*

OR cpe:/a:microsoft:wyukon:*:sp2:x64:*:*:*:*:*

AND

cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*

Configuration 4:

cpe:/a:microsoft:wyukon:*:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:wyukon:*:sp2:x64:*:*:*:*:*

AND

cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:*

OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:sql_server_desktop_engine:2000:*:*:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2000:sp4:itanium:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp1:x64:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp1:itanium:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp2:express:*:*:*:*:*

OR cpe:/a:microsoft:sql_server:2005:sp1:express:*:*:*:*:*

OR cpe:/a:microsoft:data_engine:1.0:sp4:*:*:*:*:*:*

OR cpe:/a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*

AND

cpe:/a:vmware:vcenter_update_manager:4.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:vcenter_server:4.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:13936	V	Memory Corruption Vulnerability in SQL Server	2013-10-07