cnvd - cnvd-2015-04708

CNVD-2015-04708

Vulnerability from cnvd - Published: 2015-07-22

Title

Microsoft SQL Server远程代码执行漏洞

Description

Microsoft SQL Server是美国微软（Microsoft）公司开发和维护的一套应用在Microsoft Windows系统下的大型商业数据库系统。 Microsoft SQL Server未能正确地处理对未初始化内容的内部函数调用时存在远程代码执行漏洞，攻击者利用此漏洞可通过在启用特殊权限设置（如 VIEW SERVER STATE）的受影响的SQL Server上运行特制的查询，完全控制受影响的系统。

Severity

高

Patch Name

Microsoft SQL Server远程代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已经发布升级补丁/版本以修复这个安全问题，请用户及时下载更新： http://technet.microsoft.com/security/bulletin/MS15-058

Reference

http://technet.microsoft.com/security/bulletin/MS15-058

Impacted products

Name
['Microsoft SQL Server 2008 SP3', 'Microsoft SQL Server 2008 SP4', 'Microsoft SQL Server 2008 R2 SP2', 'Microsoft SQL Server 2008 R2 SP3', 'Microsoft SQL Server 2012 SP1', 'Microsoft SQL Server 2012 SP2', 'Microsoft SQL Server 2014']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1762"
    }
  },
  "description": "Microsoft SQL Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u5f00\u53d1\u548c\u7ef4\u62a4\u7684\u4e00\u5957\u5e94\u7528\u5728Microsoft Windows\u7cfb\u7edf\u4e0b\u7684\u5927\u578b\u5546\u4e1a\u6570\u636e\u5e93\u7cfb\u7edf\u3002\r\n\r\nMicrosoft SQL Server\u672a\u80fd\u6b63\u786e\u5730\u5904\u7406\u5bf9\u672a\u521d\u59cb\u5316\u5185\u5bb9\u7684\u5185\u90e8\u51fd\u6570\u8c03\u7528\u65f6\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u901a\u8fc7\u5728\u542f\u7528\u7279\u6b8a\u6743\u9650\u8bbe\u7f6e\uff08\u5982 VIEW SERVER STATE\uff09\u7684\u53d7\u5f71\u54cd\u7684SQL Server\u4e0a\u8fd0\u884c\u7279\u5236\u7684\u67e5\u8be2\uff0c\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u5347\u7ea7\u8865\u4e01/\u7248\u672c\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u7528\u6237\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://technet.microsoft.com/security/bulletin/MS15-058",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04708",
  "openTime": "2015-07-22",
  "patchDescription": "Microsoft SQL Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u5f00\u53d1\u548c\u7ef4\u62a4\u7684\u4e00\u5957\u5e94\u7528\u5728Microsoft Windows\u7cfb\u7edf\u4e0b\u7684\u5927\u578b\u5546\u4e1a\u6570\u636e\u5e93\u7cfb\u7edf\u3002\r\n\r\nMicrosoft SQL Server\u672a\u80fd\u6b63\u786e\u5730\u5904\u7406\u5bf9\u672a\u521d\u59cb\u5316\u5185\u5bb9\u7684\u5185\u90e8\u51fd\u6570\u8c03\u7528\u65f6\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u901a\u8fc7\u5728\u542f\u7528\u7279\u6b8a\u6743\u9650\u8bbe\u7f6e\uff08\u5982 VIEW SERVER STATE\uff09\u7684\u53d7\u5f71\u54cd\u7684SQL Server\u4e0a\u8fd0\u884c\u7279\u5236\u7684\u67e5\u8be2\uff0c\u5b8c\u5168\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft SQL Server\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft SQL Server 2008 SP3",
      "Microsoft SQL Server 2008 SP4",
      "Microsoft SQL Server 2008 R2 SP2",
      "Microsoft SQL Server 2008 R2 SP3",
      "Microsoft SQL Server 2012 SP1",
      "Microsoft SQL Server 2012 SP2",
      "Microsoft SQL Server 2014"
    ]
  },
  "referenceLink": "http://technet.microsoft.com/security/bulletin/MS15-058",
  "serverity": "\u9ad8",
  "submitTime": "2015-07-16",
  "title": "Microsoft SQL Server\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2015-1762 (GCVE-0-2015-1762)

Vulnerability from cvelistv5 – Published: 2015-07-14 23:00 – Updated: 2024-08-06 04:54

Summary

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka "SQL Server Remote Code Execution Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securitytracker.com/id/1032893	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032893",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032893"
          },
          {
            "name": "MS15-058",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka \"SQL Server Remote Code Execution Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1032893",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032893"
        },
        {
          "name": "MS15-058",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-1762",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain permissions and making a crafted query, as demonstrated by the VIEW SERVER STATE permission, aka \"SQL Server Remote Code Execution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032893",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032893"
            },
            {
              "name": "MS15-058",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2015-1762",
    "datePublished": "2015-07-14T23:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-04708

CVE-2015-1762 (GCVE-0-2015-1762)

Tags

Sightings

Nomenclature