SQL Patch 959420 issue

  • Question

  • Hi,

    I scanned with Nessus and found this vulnerability: Arbitrary code can be executed on the remote host through SQL Server

    Description :

    The remote host is running a version of Microsoft SQL Server, Desktop
    Engine or Internal Database that suffers from an authenticated remote
    code execution vulnerability in the MSSQL extended stored procedure
    'sp_replwritetovarbin' due to an invalid parameter check.

    Successful exploitation could allow an attacker to take complete
    control of the affected system.

    Solution:

    Microsoft has released a set of patches for SQL Server 2000 and 2005 :

    http://www.microsoft.com/technet/security/Bulletin/MS09-004.mspx

    My server is SQL 2005 Enterprise Edition with SP2, but the patch is not available for this server. What can I do?

    Friday, October 9, 2009 5:12 AM

Answers

  • Try to apply SQL Server 2005 SP3, as this update may be included in this patch.
    Systems with SQL Server 7.0 Service Pack 4, SQL Server 2005 Service Pack 3, and SQL Server 2008 are not affected by this issue.
    Thanks, Leks
    Sunday, October 11, 2009 10:43 PM