Lucene search
This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.SMB_NT_MS08-040.NASLHistoryJul 08, 2008 - 12:00 a.m.
MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
2008-07-0800:00:00
This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.
www.tenable.com
72
CVSS2
9
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
0.96
Percentile
99.5%
The remote host is running a version of Microsoft SQL Server, Desktop Engine or Internal Database that is vulnerable to multiple memory corruption issues.
These vulnerabilities may allow an attacker to gain elevates privileges on the server.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(33444);
script_version("1.32");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/11");
script_cve_id(
"CVE-2008-0085",
"CVE-2008-0086",
"CVE-2008-0106",
"CVE-2008-0107"
);
script_bugtraq_id(
30082,
30083,
30118,
30119
);
script_xref(name:"MSFT", value:"MS08-040");
script_xref(name:"MSKB", value:"941203");
script_name(english:"MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)");
script_set_attribute(attribute:"synopsis", value:
"The remote Microsoft SQL Server install is vulnerable to memory
corruption flaws.");
script_set_attribute(attribute:"description", value:
"The remote host is running a version of Microsoft SQL Server, Desktop
Engine or Internal Database that is vulnerable to multiple memory
corruption issues.
These vulnerabilities may allow an attacker to gain elevates
privileges on the server.");
script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2008/ms08-040");
script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for SQL Server 7, 2000 and
2005.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(119, 189, 200);
script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/08");
script_set_attribute(attribute:"patch_publication_date", value:"2008/07/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2008/07/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:sql_server");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:data_engine");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2008-2022 Tenable Network Security, Inc.");
script_dependencies("smb_hotfixes.nasl", "mssql_version.nasl", "ms_bulletin_checks_possible.nasl");
script_require_keys("SMB/MS_Bulletin_Checks/Possible");
script_require_ports(139, 445, 1433, "Services/mssql", "Host/patch_management_checks");
exit(0);
}
include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");
bulletin = 'MS08-040';
kb = '941203';
kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);
ver_list = get_kb_list("mssql/installs/*/SQLVersion");
if (isnull(ver_list)) audit(AUDIT_NOT_INST, "Microsoft SQL Server");
vuln = FALSE;
foreach item (keys(ver_list))
{
item -= 'mssql/installs/';
item -= '/SQLVersion';
rootfile = item;
share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) continue;
if ( ( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2000.80.2050.0", min_version:"2000.80.2000.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) ||
( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2000.80.2273.0", min_version:"2000.80.2200.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) ||
( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2000.99.4.0", min_version:"2000.90.0.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) ||
( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2005.90.3068.0", min_version:"2005.90.3000.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) ||
( hotfix_check_fversion(path:rootfile, file:"Sqlservr.exe", version:"2005.90.3233.0", min_version:"2005.90.3200.0", bulletin:bulletin, kb:kb) == HCF_OLDER ) )
{
set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
hotfix_security_hole();
vuln = TRUE;
}
}
hotfix_check_fversion_end();
if (!vuln) audit(AUDIT_HOST_NOT, 'affected');
Related
nessus
nessus
securityvulns
securityvulns
openvas
openvas
mskb
mskb
cert
cert
Multiple DNS implementations vulnerable to cache poisoning
2008-07-08 00:00:00
nvd
nvd
prion
prion
Buffer overflow
2008-07-08 23:41:00
Buffer overflow
2008-07-08 23:41:00
Integer overflow
2008-07-08 23:41:00
checkpoint_advisories
checkpoint_advisories
cvelist
cvelist
cve
cve
seebug
seebug
Microsoft SQL Server็ฃ็ๆฐๆฎ็ปๆๆดๆฐๆบขๅบๆผๆด๏ผMS08-040๏ผ
2008-07-10 00:00:00
CVSS2
9
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
0.96
Percentile
99.5%
Related for SMB_NT_MS08-040.NASL