Vulnerability Note VU#584868

Microsoft SQL Server vulnerable to buffer overflow

Original Release date: 24 Jul 2003 | Last revised: 24 Jul 2003

Overview

Microsoft SQL Server contains a buffer overflow vulnerability. A local attacker could leverage this vulnerability to gain elevated privileges and/or execute arbitrary code.

Description

Quoting from Microsoft Security Bulletin MS03-031:

    A flaw exists in a specific Windows function that may allow an authenticated user with direct access to log on to the system running SQL Server the ability create a specially crafted packet that, when sent to the listening local procedure call (LPC) port of the system, could cause a buffer overrun. If successfully exploited, this could allow a user with limited permissions on the system to elevate their permissions to the level of the SQL Server service account, or cause arbitrary code to run.

Impact

This vulnerability may allow a remote attacker to gain privileges equivalent to the SQL Server Service account, or execute arbitrary code with the privileges of the SQL Server Service. Quoting from Microsoft Security Bulletin MS03-031:

Code running with service account permissions could provide an attacker with the ability to take full control over the database and the data contained within it.

Solution

Apply a patch as described in Microsoft Security Bulletin MS03-031.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-24 Jul 2003
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was discovered by Andreas Junstream of @Stake. The CERT/CC thanks Microsoft for providing Microsoft Security Bulletin MS03-031, upon which the majority of this document is based.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: CAN-2003-0232
  • Date Public: 23 Jul 2003
  • Date First Published: 24 Jul 2003
  • Date Last Updated: 24 Jul 2003
  • Severity Metric: 36.00
  • Document Revision: 11

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.