(MS08-040) Microsoft Memory Page Reuse Vulnerability (941203)
- Type: Logic error
- Impact of exploitation: Information disclosure
- User Interaction: No user interaction is needed
- Attack Vector: Authenticated locally logged on user with limited privileges
- Rating: Medium
- CVE reference: CVE-2008-0085
- Vendor Status: Responded and patched
- Vulnerable systems:
  - SQL Server 7.0 SP4
  - SQL Server 2000 SP4
  - SQL Server 2005 SP1
  - SQL Server 2005 SP2
  - Windows 2003 SP1
  - Windows 2003 SP2
  - Windows Server 2008 RTM
- Summary: A vulnerability in Microsoft SQL Server may allow for local information-disclosure attacks.
Description
SQL Server is an industry-standard database server developed by Microsoft. A vulnerability in Microsoft SQL Server may allow for local information-disclosure attacks. A malicious local user could access sensitive information over time by using a specially crafted database object (DBO). The vulnerability is caused by the reuse of cross-database pages.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (941203): http://www.microsoft.com/technet/security/Bulletin/MS08-040.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess whether your systems are vulnerable and is expected to identify vulnerable systems accurately in many enterprise environments.
- Signature: (MS08-040) Microsoft Memory Page Reuse Vulnerability (941203)
- Signature identifier: 5991
- Release date: 7/8/2008
Additional Resources
Microsoft Security Bulletin: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
http://www.microsoft.com/technet/security/bulletin/MS08-040.mspx
Timeline
7/8/2008
Vendor has provided a patch.