RNP > Serviços > Segurança em redes > Alertas do CAIS

Vulnerabilidades no Microsoft SQL

Microsoft Security Bulletin MS08-040

[CAIS, 10.07.2008-16:16, revisão 01]

O CAIS está repassando o alerta da Microsoft, intitulado "MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)", que trata de quatro vulnerabilidades identificadas no Microsoft SQL.

A vulnerabilidade mais crítica pode permitir a um atacante o controle completo sobre o sistema atacado. As vulnerabilidades estão relacionadas com o gerenciamento de memória virtual (swap) do SQL, com a função de conversão do SQL, uma falha na rotina de processo de backup da base e uma falha no SQL que pode permitir o buffer overflow e consequente escalação de privilégios do atacante.
 
 
Sistemas afetados

• SQL Server 7.0 Service Pack 4
• SQL Server 2000 Service Pack 4
• SQL Server 2000 Itanium-based Edition Service Pack 4
• SQL Server 2005 Service Pack 2
• SQL Server 2005 x64 Edition Service Pack 2
• SQL Server 2005 com SP2 para sistemas baseados em Itanium
• Microsoft Data Engine (MSDE) 1.0 Service Pack 4
• Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4
• Microsoft SQL Server 2005 Express Edition Service Pack 2
• Microsoft SQL Server 2005 Express Edition com Advanced Services Service Pack 2
• Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Microsoft Windows 2000 Service Pack 4
• Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Windows Server 2003 Service Pack 1
• Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Windows Server 2003 Service Pack 2
• Windows Internal Database (WYukon) Service Pack 2 componente do Windows Server 2003 Service Pack 1
• Windows Internal Database (WYukon) Service Pack 2 componente do Windows Server 2003 Service Pack 2
• Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Windows Server 2003 x64 Edition
• Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Windows Server 2003 x64 Edition Service Pack 2
• Windows Internal Database (WYukon) x64 Edition Service Pack 2 componente do Windows Server 2003 x64 Edition
• Windows Internal Database (WYukon) x64 Edition Service Pack 2 componente do Windows Server 2003 x64 Edition Service Pack 2
• Windows Internal Database (WYukon) Service Pack 2 componente do Windows Server 2008 para Sistemas 32-bit
• Windows Internal Database (WYukon) x64 Edition Service Pack 2 componente do Windows Server 2008 para Sistemas baseados em x64

• SQL Server 7.0 Service Pack 4
• • GDR
  • QFE
• SQL Server 2000 Service Pack 4
• • GDR
  • QFE
• SQL Server 2000 Itanium-based Edition Service Pack 4
• • GDR
  • QFE
• SQL Server 2005 Service Pack 2
• • GDR
  • QFE
• SQL Server 2005 x64 Edition Service Pack 2
• • GDR
  • QFE
• SQL Server 2005 com SP2 para sistemas baseados em Itanium
• • GDR
  • QFE
• Microsoft Data Engine (MSDE) 1.0 Service Pack 4
• • GDR
  • QFE
• Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) Service Pack 4
• • GDR
  • QFE
• Microsoft SQL Server 2005 Express Edition Service Pack 2
• • GDR
  • QFE
• Microsoft SQL Server 2005 Express Edition com Advanced Services Service Pack 2
• • GDR
  • QFE
• Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Microsoft Windows 2000 Service Pack 4
• Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Windows Server 2003 Service Pack 1
• Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Windows Server 2003 Service Pack 2
• Windows Internal Database (WYukon) Service Pack 2 componente do Windows Server 2003 Service Pack 1
• Windows Internal Database (WYukon) Service Pack 2 componente do Windows Server 2003 Service Pack 2
• Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Windows Server 2003 x64 Edition
• Microsoft SQL Server 2000 Desktop Engine (WMSDE) componente do Windows Server 2003 x64 Edition Service Pack 2
• Windows Internal Database (WYukon) x64 Edition Service Pack 2 componente do Windows Server 2003 x64 Edition
• Windows Internal Database (WYukon) x64 Edition Service Pack 2 componente do Windows Server 2003 x64 Edition Service Pack 2
• Windows Internal Database (WYukon) Service Pack 2 componente do Windows Server 2008 for 32-bit Systems
• Windows Internal Database (WYukon) x64 Edition Service Pack 2 componente do Windows Server 2008 for x64-based Systems
  

• MS08-040 - Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
• SANS ISC Handler's Diary 2008-07-08: July 2008 black tuesday overview
• Microsoft Brasil Security
• Technet Brasil - Central de Segurança
• Windows Live OneCare

Contato com o Cais:

+55 (19) 3787-3300
+55 (19) 3787-3301

cais@cais.rnp.br

Chave PGP pública do Cais