Detections
Analytics

MS15-058: Vulnerabilities in SQL Server Could Allow Remote Code Execution (3065718)

medium Nessus Plugin ID 84738

Language:

Synopsis

The remote SQL Server installation is affected by multiple vulnerabilities.

Description

The remote Microsoft SQL Server installation is affected by multiple vulnerabilities :

 - A privilege escalation vulnerability exists due to the casting of pointers to an incorrect class. An authenticated, remote attacker can exploit this, via a specially crafted SQL query, to gain elevated privileges. (CVE-2015-1761)

 - A remote code execution vulnerability exists due to incorrect handling of internal function calls to uninitialized memory. An attacker can exploit this, via a specially crafted SQL query on an affected SQL server that has special permission settings (such as VIEW SERVER STATE) turned on, to execute arbitrary code.
 (CVE-2015-1762)

 - A remote code execution vulnerability exists due to incorrect handling of internal function calls to uninitialized memory. An authenticated, remote attacker can exploit this, via a specially crafted SQL query designed to execute a virtual function from a wrong address, to execute arbitrary code. (CVE-2015-1763)

Solution

Microsoft has released a set of patches for SQL Server 2008, 2008 R2, 2012, and 2014.

See Also

http://www.nessus.org/u?4c135c5d

Plugin Details

Severity: Medium

ID: 84738

File Name: smb_nt_ms15-058.nasl

Version: 1.14

Type: local

Agent: windows

Published: 7/14/2015

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2015-1763

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:sql_server

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 7/14/2015

Vulnerability Publication Date: 7/14/2015

Reference Information

CVE: CVE-2015-1761, CVE-2015-1762, CVE-2015-1763