Vulnerability Name:

CVE-2008-5416 (CCN-47182)

Assigned: 2008-12-09
Published: 2008-12-09
Updated: 2018-10-12
Summary: Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability."
CVSS v3 Severity: 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
7.1 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Privileges
References:
Source: CCN
Type: Full-Disclosure Mailing List, Wed Dec 10 2008 - 06:45:02 CST
Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC Consult SA-20081209)

Source: FULLDISC
Type: UNKNOWN
20081210 Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite (update to SEC Consult SA-20081209)

Source: MITRE
Type: CNA
CVE-2008-5416

Source: OSVDB
Type: UNKNOWN
50917

Source: CCN
Type: SA33034
Microsoft SQL Server 2000 "sp_replwritetovarbin()" Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
33034

Source: CCN
Type: SA43206
VMware vCenter Server / Update Manager SQL Express Multiple Vulnerabilities

Source: SREASON
Type: UNKNOWN
4706

Source: CCN
Type: SECTRACK ID: 1021363
Microsoft SQL Server Memory Overwrite Bug in sp_replwritetovarbin May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1021363

Source: CCN
Type: SECTRACK ID: 1021490
Microsoft SQL Server Heap Overflow Lets Remote Authenticated Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1021490

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2009-055.htm

Source: CCN
Type: ASA-2009-055
MS09-004 Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)

Source: CCN
Type: US-CERT VU#696644
Microsoft SQL Server fails to properly validate parameters to the sp_replwritetovarbin extended stored procedure

Source: CERT-VN
Type: US Government Resource
VU#696644

Source: CCN
Type: Microsoft Security Advisory (961040)
Vulnerability in SQL Server Could Allow Remote Code Execution

Source: CONFIRM
Type: UNKNOWN
http://www.microsoft.com/technet/security/advisory/961040.mspx

Source: CCN
Type: Microsoft Security Bulletin MS09-004
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420)

Source: CCN
Type: SEC Consult Security Advisory < 20081209-0 >
Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability

Source: MISC
Type: Exploit
http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt

Source: BUGTRAQ
Type: UNKNOWN
20081209 SEC Consult SA-20081109-0 :: Microsoft SQL Server 2000 sp_replwritetovarbin limited memory overwrite vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20081210 Microsoft SQL Server 2005 sp_replwritetovarbin memory overwrite(update to SEC Consult SA-20081209)

Source: BUGTRAQ
Type: UNKNOWN
20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX

Source: BID
Type: Exploit
32710

Source: CCN
Type: BID-32710
Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability

Source: CERT
Type: US Government Resource
TA09-041A

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/security/advisories/VMSA-2011-0003.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html

Source: VUPEN
Type: UNKNOWN
ADV-2008-3380

Source: MS
Type: UNKNOWN
MS09-004

Source: XF
Type: UNKNOWN
mssql-spreplwritetovarbin-bo(47182)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:6217

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [01-28-2011]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [02-08-2011]

Source: EXPLOIT-DB
Type: UNKNOWN
7501

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:microsoft:sql_server:2000:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:sql_server:2005:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:microsoft:sql_server_desktop_engine:2000:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:sql_server:2000:sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:sql_server:2000:sp4:itanium:*:*:*:*:*
  • OR cpe:/a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*
  • OR cpe:/a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*
  • OR cpe:/a:microsoft:sql_server:2005:sp2:express:*:*:*:*:*
  • OR cpe:/a:microsoft:sql_server_desktop_engine:2000:sp4:*:*:*:*:*:*
  • AND
  • cpe:/a:vmware:vcenter_update_manager:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:vcenter_server:4.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.mitre.oval:def:6217
Class: V
Title: SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability
Last Modified: 2013-10-07
    microsoft sql server 2000
    microsoft sql server 2005
    microsoft sql server desktop engine 2000
    microsoft sql server 2000 sp4
    microsoft sql server 2005 sp2
    microsoft sql server desktop engine 2000 sp4
    vmware vcenter update manager 4.0
    vmware vcenter server 4.1