Signature Detail

DB: MSSQL Replwritetovarbin Query

This signature detects attempts to exploit a known vulnerability against Microsoft MS-SQL server. A successful attack can lead to arbitrary code execution.

Extended Description

Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions. The issue affects the following: Microsoft SQL Server 2000 Microsoft SQL Server 2005

Affected Products

• Microsoft sql_server_2000 8.00.194
• Microsoft sql_server_2000 SP1
• Microsoft sql_server_2000 SP2
• Microsoft sql_server_2000 SP3
• Microsoft sql_server_2000 Sp3a
• Microsoft sql_server_2000 SP4
• Microsoft sql_server_2000
• Microsoft sql_server_2000_desktop_engine SP1
• Microsoft sql_server_2000_desktop_engine SP2
• Microsoft sql_server_2000_desktop_engine SP3
• Microsoft sql_server_2000_desktop_engine SP4
• Microsoft sql_server_2000_desktop_engine
• Microsoft sql_server_2000_desktop_engine
• Microsoft sql_server_2000_itanium_edition SP1
• Microsoft sql_server_2000_itanium_edition SP2
• Microsoft sql_server_2000_itanium_edition SP3
• Microsoft sql_server_2000_itanium_edition SP4
• Microsoft sql_server_2000_itanium_edition
• Microsoft sql_server_2005 SP1
• Microsoft sql_server_2005 SP2
• Microsoft sql_server_2005 Yukon
• Microsoft sql_server_2005
• Microsoft sql_server_2005_backward_compatibility 8.05.1054
• Microsoft sql_server_2005_books_online 9.00.1399.06
• Microsoft sql_server_2005_express_edition SP1
• Microsoft sql_server_2005_express_edition SP2
• Microsoft sql_server_2005_express_edition
• Microsoft sql_server_2005_express_edition_with_advanced_serv SP1
• Microsoft sql_server_2005_express_edition_with_advanced_serv SP2
• Microsoft sql_server_2005_integration_services 9.1.2047.00
• Microsoft sql_server_2005_itanium_edition SP1
• Microsoft sql_server_2005_itanium_edition SP2
• Microsoft sql_server_2005_itanium_edition
• Microsoft sql_server_2005_reporting_services 9.00.1399.06
• Microsoft sql_server_2005_tools 9.00.1399.06
• Microsoft sql_server_2005_upgrade_advisor 9.00.2407.00
• Microsoft sql_server_2005_x64_edition SP1
• Microsoft sql_server_2005_x64_edition SP2
• Microsoft windows_2000_advanced_server SP4
• Microsoft windows_2000_datacenter_server SP4
• Microsoft windows_2000_professional SP4
• Microsoft windows_2000_server SP4
• Microsoft windows_internal_database_(wyukon) SP1
• Microsoft windows_internal_database_(wyukon) SP2
• Microsoft windows_internal_database_(wyukon)
• Microsoft windows_internal_database_(wyukon)_x64 SP1
• Microsoft windows_internal_database_(wyukon)_x64 SP2
• Microsoft windows_internal_database_(wyukon)_x64
• Vmware vcenter 4.0
• Vmware vcenter 4.1
• Vmware vcenter_update_manager 1.0
• Vmware vcenter_update_manager 4.0
• Vmware vcenter_update_manager 4.1
• Vmware virtualcenter 2.5
• Vmware virtualcenter 2.5 Update 1
• Vmware virtualcenter 2.5 Update 2
• Vmware virtualcenter 2.5.Update 3 Build 11983
• Vmware virtualcenter 2.5 Update 4
• Vmware virtualcenter 2.5 Update 5
• Vmware virtualcenter 2.5 Update 6

References

• BugTraq: 32710
• CVE: CVE-2008-5416
• URL: http://www.microsoft.com/technet/security/advisory/961040.mspx
• URL: http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx