Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: New MS SQL Server vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New MS SQL Server vulnerability

A slightly belated entry to make sure everyone is aware that last week we saw a new vulnerability announced for MS SQL Server 2000, 2005 & 2005 Express Edition by Bernhard Mueller from SEC Consult. Here is the original announcement: http://www.sec-consult.com/files/20081209_mssql-sp_replwritetovarbin_memwrite.txt

The above link does include a simple test script (not a full PoC) for the vulnerability.

There is a mitigation available - you can remove the vulnerable stored procedure. Microsoft hasn't provided a patch yet and hasn't provided a timeframe for delivery either.

 

Toby

68 Posts
In sql server 2005 you can't drop an extended stored procedure. You can deny the execute permission on it which effectively disables it.
http://msdn.microsoft.com/en-us/library/ms164755(SQL.90).aspx
Brian

3 Posts
In sql 2005 you can't remove an extended stored procedure. You can grant deny permission to the public user which effectivly disables it.

"In SQL Server 2005, sp_dropextendedproc does not drop system extended stored procedures. Instead, the system administrator should deny EXECUTE permission on the extended stored procedure to the public role. In SQL Server 2000, sp_dropextendedproc could be used to drop any extended stored procedure."

http://msdn.microsoft.com/en-us/library/ms164755(SQL.90).aspx
Brian

3 Posts

Sign Up for Free or Log In to start participating in the conversation!