Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption

NewDBA 2008-12-24 10:46:51
[Summary]
Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input.

Specifically, the issue occurs when the server handles the 'sp_replwritetovarbin' extended stored procedure call. By supplying several uninitialised variables as parameters to the call, an attacker can write to a controlled memory location. Reportedly, this can be used to achieve code execution on certain unspecified versions of the Windows operating system.

Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Note that in the default configuration, any authenticated user can access the 'sp_replwritetovarbin' procedure. Proof of concept and exploit code are publicly available.

[Solution/Workaround]
Microsoft recommends denying access to the vulnerable stored procedure. See the referenced vendor advisory for more information.

[Affected System]
Microsoft SQL Server 2000
Microsoft SQL Server 2005

[Reference]
http://www.microsoft.com/technet/security/advisory/961040.mspx
NewDBA 2008-12-24
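I looked at the settings on our server and have a permissions question..

This stored procedure is set to grant execute to public

Does that mean everyone can execute it?
Or does it have to be granted to a specific user or role before it can be executed?

If it has to be granted to a specific user or role, then we are fairly safe, because we have never granted it specifically
If not, then we need to deny execute to public...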
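
An added example, not part of the original posts or of the vendor advisory text: a T-SQL check of who holds EXECUTE on the procedure, followed by the DENY workaround and a verification query. It assumes SQL Server 2005 catalog views and a sysadmin session; on SQL Server 2000 the catalog views in steps 1 and 3 do not exist and only the DENY statement applies.

```sql
-- Added example (assumption: SQL Server 2005, run as a sysadmin login).
USE master;
GO

-- 1. List every principal with a permission entry on the procedure.
--    Every database user is a member of the public role, so a row with
--    grantee = 'public' and state_desc = 'GRANT' means the permission
--    applies to all users, not only to explicitly granted ones.
SELECT USER_NAME(p.grantee_principal_id) AS grantee,
       p.permission_name,
       p.state_desc
FROM sys.database_permissions AS p
WHERE p.class = 1                                        -- object-level entry
  AND p.major_id = OBJECT_ID(N'sys.sp_replwritetovarbin');
GO

-- 2. Workaround: DENY takes precedence over the existing GRANT.
--    Members of the sysadmin server role bypass permission checks,
--    so this does not restrict them.
DENY EXECUTE ON sp_replwritetovarbin TO public;
GO

-- 3. Verify that the entry for public is now a DENY.
IF EXISTS (
    SELECT 1
    FROM sys.database_permissions AS p
    WHERE p.class = 1
      AND p.major_id = OBJECT_ID(N'sys.sp_replwritetovarbin')
      AND p.grantee_principal_id = DATABASE_PRINCIPAL_ID(N'public')
      AND p.permission_name = N'EXECUTE'
      AND p.state = 'D'                                  -- D = DENY
)
    PRINT 'EXECUTE on sp_replwritetovarbin is denied to public.';
ELSE
    PRINT 'WARNING: public is not denied EXECUTE on sp_replwritetovarbin.';
GO
```

Re-run step 1 after service packs or upgrades and test replication features in a non-production instance first, since a DENY on this procedure can affect them.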
