A vulnerability in the Microsoft SQL Server sp_replwritetovarbin extended stored procedure could allow an authenticated attacker to execute arbitrary code on an affected server.
Some versions of Microsoft SQL Server contain a vulnerability in the sp_replwritetovarbin stored procedure. The vulnerability could allow an attacker to modify heap memory and potentially execute arbitrary code. The vulnerability is described in SEC Consult Security Advisory < 20081209-0 >. Microsoft Security Bulletin MS09-004 provides further details, including affected database versions and workarounds.
In order to access sp_replwritetovarbin, an attacker would need to authenticate to the database first. A separate SQL injection vulnerability in a web application could allow a remote, unauthenticated attacker to exploit the sp_replwritetovarbin vulnerability with the user credentials of the web application. Microsoft Security Advisory (954462) provides detection and mitigation advice for SQL injection vulnerabilities.
A local or remote authenticated attacker may be able to execute arbitrary code with the privileges of the SQL Server on the affected system. In the case of a SQL injection vulnerability in a web application that uses a vulnerable database, a remote attacker may be able to exploit the sp_replwritetovarbin vulnerability with credentials of the web application.
Apply an update
This vulnerability was reported by Bernhard Mueller of SEC Consult Vulnerability Lab.
This document was written by Chad R Dougherty and Art Manion.
|Date First Published:||2008-12-24|
|Date Last Updated:||2009-02-11 03:09 UTC|