{"vuid":"VU#584868","idnumber":"584868","name":"Microsoft SQL Server vulnerable to buffer overflow","keywords":["Microsoft","SQL Server","buffer overflow","crafted packet","local procedure call","LPC port","Q815495","MS03-031"],"overview":"Microsoft SQL Server contains a buffer overflow vulnerability. A local attacker could leverage this vulnerability to gain elevated privileges and/or execute arbitrary code.","clean_desc":"Quoting from Microsoft Security Bulletin MS03-031: A flaw exists in a specific Windows function that may allow an authenticated user with direct access to log on to the system running SQL Server the ability to create a specially crafted packet that, when sent to the listening local procedure call (LPC) port of the system, could cause a buffer overrun. If successfully exploited, this could allow a user with limited permissions on the system to elevate their permissions to the level of the SQL Server service account, or cause arbitrary code to run.","impact":"This vulnerability may allow a remote attacker to gain privileges equivalent to the SQL Server Service account, or execute arbitrary code with the privileges of the SQL Server Service. Quoting from Microsoft Security Bulletin MS03-031: Code running with service account permissions could provide an attacker with the ability to take full control over the database and the data contained within it.","resolution":"Apply a patch as described in Microsoft Security Bulletin MS03-031.","workarounds":"","sysaffected":"","thanks":"This vulnerability was discovered by Andreas Junstream of @Stake. 
The CERT/CC thanks Microsoft for providing Microsoft Security Bulletin MS03-031, upon which the majority of this document is based.","author":"This document was written by Ian A Finlay.","public":["http://www.microsoft.com/security/security_bulletins/ms03-031.asp","http://www.theage.com.au/articles/2003/07/24/1058853175217.html","http://www.microsoft.com/technet/security/bulletin/MS03-031.asp","http://www.infoworld.com/article/03/07/24/HNdirectxflaws_1.html","http://www.atstake.com/research/advisories/2003/a072303-3.txt","http://www.pcpro.co.uk/news/news_story.php?id=45274","http://www.atnewyork.com/news/article.php/2239961","http://news.bbc.co.uk/1/hi/technology/3092399.stm","http://www.theregister.co.uk/content/55/31931.html","http://news.com.com/2100-1002_3-5053428.html","http://www.msnbc.com/news/943355.asp","http://www.theinquirer.net/?article=10647"],"cveids":["CVE-2003-0232"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-07-24T12:42:11Z","publicdate":"2003-07-23T00:00:00Z","datefirstpublished":"2003-07-24T18:03:56Z","dateupdated":"2003-07-24T18:04:04Z","revision":12,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"17","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"20","cam_attackeraccessrequired":"10","cam_scorecurrent":"36","cam_scorecurrentwidelyknown":"41.625","cam_scorecurrentwidelyknownexploited":"64.125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":36.0,"vulnote":null}