Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Microsoft SQL Server Convert Function Buffer Overflow Vulnerability
Date Discovered: 07/08/2008
Severity: Medium
Operating Systems Affected: Microsoft Windows 2000 SP4
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition SP2
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition SP2
Applications Affected: Microsoft SQL Server 7.0 SP4
Microsoft SQL Server 2000 SP4
Microsoft SQL Server 2000 Itanium-based SP4
Microsoft SQL Server 2005 x64 SP2
Microsoft SQL Server 2005 Itanium-based SP2
Microsoft Data Engine (MSDE) 1.0 SP4
Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP4
Microsoft SQL Server 2005 Express SP2
Microsoft SQL Server 2005 Express with Advanced Services SP2
Synopsis
Microsoft SQL server is prone to buffer overflow vulnerability. The vulnerability exists in the way that convert function in SQL Server insufficiently checks input strings, allowing an authenticated attacker to execute code of the attacker’s choice.
Recommended Actions
Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms08-040.mspx
Threat Analysis
An buffer overflow vulnerability exists in the way that SQL Server converts SQL expressions from one data type to another. This vulnerability could allow an attacker to run code and take complete control of the system. An authenticated attacker could create a query that calls the convert function with a specially crafted expression, causing the function to overflow.

An attacker who successfully exploited this vulnerability could gain elevation of privilege on an affected system. Attacker could then install programs, view, change or delete data, or create new accounts with full administrative rights.
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0086

Write-up by: Aditya Chaturvedi
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Product Division of Tech Mahindra Limited | Privacy Policy | Site Map