Detections
Analytics

MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718) (uncredentialed check)

high Nessus Plugin ID 84737

Language:

Synopsis

The remote SQL Server installation is affected by multiple vulnerabilities.

Description

The remote Microsoft SQL Server installation is affected by multiple vulnerabilities :

 - A privilege escalation vulnerability exists due to the casting of pointers to an incorrect class. An authenticated, remote attacker can exploit this, via a specially crafted SQL query, to gain elevated privileges. (CVE-2015-1761)

 - A remote code execution vulnerability exists due to incorrect handling of internal function calls to uninitialized memory. An attacker can exploit this, via a specially crafted SQL query on an affected SQL server that has special permission settings (such as VIEW SERVER STATE) turned on, to execute arbitrary code.
 (CVE-2015-1762)

 - A remote code execution vulnerability exists due to incorrect handling of internal function calls to uninitialized memory. An authenticated, remote attacker can exploit this, via a specially crafted SQL query designed to execute a virtual function from a wrong address, to execute arbitrary code. (CVE-2015-1762)

Solution

Microsoft has released a set of patches for SQL Server 2008, 2008 R2, 2012, and 2014.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2015/ms15-058

Plugin Details

Severity: High

ID: 84737

File Name: smb_kb3065718.nasl

Version: 1.9

Type: remote

Agent: windows

Family: Windows

Published: 7/14/2015

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2015-1763

CVSS v3

Risk Factor: High

Base Score: 8

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 7/14/2015

Vulnerability Publication Date: 7/14/2015

Reference Information

CVE: CVE-2015-1761, CVE-2015-1762, CVE-2015-1763

MSFT: MS15-058

MSKB: 3065718