Overview
Microsoft SQL Server contains a buffer overflow vulnerability. A local attacker could leverage this vulnerability to gain elevated privileges and/or execute arbitrary code.
Description
Quoting from Microsoft Security Bulletin MS03-031: A flaw exists in a specific Windows function that may allow an authenticated user with direct access to log on to the system running SQL Server the ability to create a specially crafted packet that, when sent to the listening local procedure call (LPC) port of the system, could cause a buffer overrun. If successfully exploited, this could allow a user with limited permissions on the system to elevate their permissions to the level of the SQL Server service account, or cause arbitrary code to run.
Impact
This vulnerability may allow a remote attacker to gain privileges equivalent to the SQL Server Service account, or execute arbitrary code with the privileges of the SQL Server Service. Quoting from Microsoft Security Bulletin MS03-031: Code running with service account permissions could provide an attacker with the ability to take full control over the database and the data contained within it.
Solution
Apply a patch as described in Microsoft Security Bulletin MS03-031.
References
- http://www.microsoft.com/security/security_bulletins/ms03-031.asp
- http://www.theage.com.au/articles/2003/07/24/1058853175217.html
- http://www.microsoft.com/technet/security/bulletin/MS03-031.asp
- http://www.infoworld.com/article/03/07/24/HNdirectxflaws_1.html
- http://www.atstake.com/research/advisories/2003/a072303-3.txt
- http://www.pcpro.co.uk/news/news_story.php?id=45274
- http://www.atnewyork.com/news/article.php/2239961
- http://news.bbc.co.uk/1/hi/technology/3092399.stm
- http://www.theregister.co.uk/content/55/31931.html
- http://news.com.com/2100-1002_3-5053428.html
- http://www.msnbc.com/news/943355.asp
- http://www.theinquirer.net/?article=10647
Acknowledgements
This vulnerability was discovered by Andreas Junstream of @Stake. The CERT/CC thanks Microsoft for providing Microsoft Security Bulletin MS03-031, upon which the majority of this document is based.
This document was written by Ian A Finlay.
Other Information
Field | Value
---|---
CVE IDs | CVE-2003-0232
Severity Metric | 36.00
Date Public | 2003-07-23
Date First Published | 2003-07-24
Date Last Updated | 2003-07-24 18:04 UTC
Document Revision | 12