|
|
AU-2008.0028 -- AusCERT Update - [Win] - Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution |
|
Date: 23 December 2008 Original URL: http://www.auscert.org.au/render.html?cid=21&it=10274 References: AA-2008.0266 Click here for PGP verifiable version -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
AusCERT Update AU-2008.0028 - [Win]
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution
23 December 2008
AusCERT Update Summary
----------------------
Product: Microsoft SQL Server 2000 Service Pack 4
Microsoft SQL Server 2000 Itanium-based Edition Service Pack 4
Microsoft SQL Server 2005 Service Pack 2
Microsoft SQL Server 2005 x64 Edition Service Pack 2
Microsoft SQL Server 2005 with SP2 for Itanium-based Systems
Microsoft SQL Server 2005 Express Edition Service Pack 2
Microsoft SQL Server 2005 Express Edition with Advanced Services Service Pack 2
Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4
Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Windows Internal Database (WYukon) Service Pack 2
Operating System: Windows
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
Existing Account
CVE Names: CVE-2008-4270
Member content until: Tuesday, January 20 2009
Ref: AA-2008.0266
Original Bulletin:
http://www.microsoft.com/technet/security/advisory/961040.mspx
Alert AA-2008.0266 was incorrectly sent out without a title. This has been
corrected with the title:
Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBSVCEoyh9+71yA2DNAQLVtgP9H1igM1tM5XKrs14XVe/v6paSuOfY0zie
10Q3gUfn2uKb31gQOiCz7Yeo/z+c1Iy1HSQsx6z2y7xM6DbuPBePAWDn5VgcSGdr
D5nZiMT1dVOARGlneD8xjX2ovCxDcRvIemH2E6nDa+fPnzK6hVaaLEwtEe+nb9j3
a476FwlCIgM=
=UeHq
-----END PGP SIGNATURE-----
|