cnvd - cnvd-2015-04707

cnvd-2015-04707

Vulnerability from cnvd

Title: Microsoft SQL Server权限漏洞

Description:

Microsoft SQL Server是美国微软（Microsoft）公司开发和维护的一套应用在Microsoft Windows系统下的大型商业数据库系统。

Microsoft SQL Server存在权限提升漏洞，攻击者可利用此漏洞获得用于查看、更改或删除数据的提升特权，或创新新帐户。

Severity: 中

Patch Name: Microsoft SQL Server权限漏洞的补丁

Patch Description:

Microsoft SQL Server是美国微软（Microsoft）公司开发和维护的一套应用在Microsoft Windows系统下的大型商业数据库系统。

Microsoft SQL Server存在权限提升漏洞，攻击者可利用此漏洞获得用于查看、更改或删除数据的提升特权，或创新新帐户。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已经发布升级补丁/版本以修复这个安全问题，请用户及时下载更新： http://technet.microsoft.com/security/bulletin/MS15-058

Reference: http://technet.microsoft.com/security/bulletin/MS15-058 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1761

Impacted products

Name
['Microsoft SQL Server 2008 SP3', 'Microsoft SQL Server 2008 SP4', 'Microsoft SQL Server 2008 R2 SP2', 'Microsoft SQL Server 2008 R2 SP3', 'Microsoft SQL Server 2012 SP1', 'Microsoft SQL Server 2012 SP2', 'Microsoft SQL Server 2014']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1761"
    }
  },
  "description": "Microsoft SQL Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u5f00\u53d1\u548c\u7ef4\u62a4\u7684\u4e00\u5957\u5e94\u7528\u5728Microsoft Windows\u7cfb\u7edf\u4e0b\u7684\u5927\u578b\u5546\u4e1a\u6570\u636e\u5e93\u7cfb\u7edf\u3002\r\n\r\nMicrosoft SQL Server\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u5f97\u7528\u4e8e\u67e5\u770b\u3001\u66f4\u6539\u6216\u5220\u9664\u6570\u636e\u7684\u63d0\u5347\u7279\u6743\uff0c\u6216\u521b\u65b0\u65b0\u5e10\u6237\u3002",
  "discovererName": "Microsoft",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u5347\u7ea7\u8865\u4e01/\u7248\u672c\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u7528\u6237\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://technet.microsoft.com/security/bulletin/MS15-058",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04707",
  "openTime": "2015-07-22",
  "patchDescription": "Microsoft SQL Server\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u5f00\u53d1\u548c\u7ef4\u62a4\u7684\u4e00\u5957\u5e94\u7528\u5728Microsoft Windows\u7cfb\u7edf\u4e0b\u7684\u5927\u578b\u5546\u4e1a\u6570\u636e\u5e93\u7cfb\u7edf\u3002\r\n\r\nMicrosoft SQL Server\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u83b7\u5f97\u7528\u4e8e\u67e5\u770b\u3001\u66f4\u6539\u6216\u5220\u9664\u6570\u636e\u7684\u63d0\u5347\u7279\u6743\uff0c\u6216\u521b\u65b0\u65b0\u5e10\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft SQL Server\u6743\u9650\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft SQL Server 2008 SP3",
      "Microsoft SQL Server 2008 SP4",
      "Microsoft SQL Server 2008 R2 SP2",
      "Microsoft SQL Server 2008 R2 SP3",
      "Microsoft SQL Server 2012 SP1",
      "Microsoft SQL Server 2012 SP2",
      "Microsoft SQL Server 2014"
    ]
  },
  "referenceLink": "http://technet.microsoft.com/security/bulletin/MS15-058\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1761",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-16",
  "title": "Microsoft SQL Server\u6743\u9650\u6f0f\u6d1e"
}

CVE-2015-1761 (GCVE-0-2015-1761)

Vulnerability from cvelistv5

Published

2015-07-14 23:00

Modified

2024-08-06 04:54

Severity ?

CWE

Summary

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability."

References

▼	URL	Tags
	http://www.securitytracker.com/id/1032893	vdb-entry, x_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058	vendor-advisory, x_refsource_MS
	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05382740	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:54:16.024Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1032893",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032893"
          },
          {
            "name": "MS15-058",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05382740"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-07-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka \"SQL Server Elevation of Privilege Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1032893",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032893"
        },
        {
          "name": "MS15-058",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05382740"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2015-1761",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka \"SQL Server Elevation of Privilege Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1032893",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032893"
            },
            {
              "name": "MS15-058",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-058"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05382740",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05382740"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2015-1761",
    "datePublished": "2015-07-14T23:00:00",
    "dateReserved": "2015-02-17T00:00:00",
    "dateUpdated": "2024-08-06T04:54:16.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted