sp_replwritetovarbin memory overwrite Security threat

Yes I did. Do you know anything about this? I haven't been able to find
much more then more articles pointing back to this alert.

"Chris Wood" wrote:

> Joe,
>
> You saw this alert
> http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovar..._memwri
> right?
>
> Chris
>
> "jaylou" wrote in message
>
> >I recieved an email about this procedure sp_replwritetovarbin. one
> > recomendation is to remove it from your system.
> >
> > Does anyone know what this proc is for and what will break if removed?
> >
> > Also does anyone know if this is a real threat?
> >
> > TIA,
> > Joe
>
>
>
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat 

Joe,

if they are serious about this I would expect a Security Advisory to appear
here http://www.microsoft.com/technet/security/advisory/default.mspx as the
problem has been publically announced.

Chris

"jaylou" wrote in message

> Yes I did. Do you know anything about this? I haven't been able to find
> much more then more articles pointing back to this alert.
>
> "Chris Wood" wrote:
>
>> Joe,
>>
>> You saw this alert
>> http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovar..._memwri
>> right?
>>
>> Chris
>>
>> "jaylou" wrote in message
>>
>> >I recieved an email about this procedure sp_replwritetovarbin. one
>> > recomendation is to remove it from your system.
>> >
>> > Does anyone know what this proc is for and what will break if removed?
>> >
>> > Also does anyone know if this is a real threat?
>> >
>> > TIA,
>> > Joe
>>
>>
>>
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat 

OK thank,
I just subscribed to the feed.

Thanks again for the info.

"Chris Wood" wrote:

> Joe,
>
> if they are serious about this I would expect a Security Advisory to appear
> here http://www.microsoft.com/technet/security/advisory/default.mspx as the
> problem has been publically announced.
>
> Chris
>
> "jaylou" wrote in message
>
> > Yes I did. Do you know anything about this? I haven't been able to find
> > much more then more articles pointing back to this alert.
> >
> > "Chris Wood" wrote:
> >
> >> Joe,
> >>
> >> You saw this alert
> >> http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovar..._memwri
> >> right?
> >>
> >> Chris
> >>
> >> "jaylou" wrote in message
> >>
> >> >I recieved an email about this procedure sp_replwritetovarbin. one
> >> > recomendation is to remove it from your system.
> >> >
> >> > Does anyone know what this proc is for and what will break if removed?
> >> >
> >> > Also does anyone know if this is a real threat?
> >> >
> >> > TIA,
> >> > Joe
> >>
> >>
> >>
>
>
>
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat 

Joe,

MS just released SQL2005 SP2 CU11 and SP3 so don't be surprised that the fix
is announced in these builds when the January patches are announced. The
original advisory shows that MS were told about this a few months ago so I
would expect them to have looked at SQL2000/SQL2005 and SQL2008 at that
time. They would have seen that if it was in SQL2000 that it was also be in
SQL2005 and check out SQL2008 as well.

Chris

"jaylou" wrote in message

> OK thank,
> I just subscribed to the feed.
>
> Thanks again for the info.
>
> "Chris Wood" wrote:
>
>> Joe,
>>
>> if they are serious about this I would expect a Security Advisory to
>> appear
>> here http://www.microsoft.com/technet/security/advisory/default.mspx as
>> the
>> problem has been publically announced.
>>
>> Chris
>>
>> "jaylou" wrote in message
>>
>> > Yes I did. Do you know anything about this? I haven't been able to
>> > find
>> > much more then more articles pointing back to this alert.
>> >
>> > "Chris Wood" wrote:
>> >
>> >> Joe,
>> >>
>> >> You saw this alert
>> >> http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovar..._memwri
>> >> right?
>> >>
>> >> Chris
>> >>
>> >> "jaylou" wrote in message
>> >>
>> >> >I recieved an email about this procedure sp_replwritetovarbin. one
>> >> > recomendation is to remove it from your system.
>> >> >
>> >> > Does anyone know what this proc is for and what will break if
>> >> > removed?
>> >> >
>> >> > Also does anyone know if this is a real threat?
>> >> >
>> >> > TIA,
>> >> > Joe
>> >>
>> >>
>> >>
>>
>>
>>
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat 

Thank you again!!

"Chris Wood" wrote:

> Joe,
>
> MS just released SQL2005 SP2 CU11 and SP3 so don't be surprised that the fix
> is announced in these builds when the January patches are announced. The
> original advisory shows that MS were told about this a few months ago so I
> would expect them to have looked at SQL2000/SQL2005 and SQL2008 at that
> time. They would have seen that if it was in SQL2000 that it was also be in
> SQL2005 and check out SQL2008 as well.
>
> Chris
>
> "jaylou" wrote in message
>
> > OK thank,
> > I just subscribed to the feed.
> >
> > Thanks again for the info.
> >
> > "Chris Wood" wrote:
> >
> >> Joe,
> >>
> >> if they are serious about this I would expect a Security Advisory to
> >> appear
> >> here http://www.microsoft.com/technet/security/advisory/default.mspx as
> >> the
> >> problem has been publically announced.
> >>
> >> Chris
> >>
> >> "jaylou" wrote in message
> >>
> >> > Yes I did. Do you know anything about this? I haven't been able to
> >> > find
> >> > much more then more articles pointing back to this alert.
> >> >
> >> > "Chris Wood" wrote:
> >> >
> >> >> Joe,
> >> >>
> >> >> You saw this alert
> >> >> http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovar..._memwri
> >> >> right?
> >> >>
> >> >> Chris
> >> >>
> >> >> "jaylou" wrote in message
> >> >>
> >> >> >I recieved an email about this procedure sp_replwritetovarbin. one
> >> >> > recomendation is to remove it from your system.
> >> >> >
> >> >> > Does anyone know what this proc is for and what will break if
> >> >> > removed?
> >> >> >
> >> >> > Also does anyone know if this is a real threat?
> >> >> >
> >> >> > TIA,
> >> >> > Joe
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat 

Was anyone able to identify what this proc does or what might break if removed?

Thanks,

"jaylou" wrote:

> I recieved an email about this procedure sp_replwritetovarbin. one
> recomendation is to remove it from your system.
>
> Does anyone know what this proc is for and what will break if removed?
>
> Also does anyone know if this is a real threat?
>
> TIA,
> Joe
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat 

Not yet, and I still havent seen any alerts from Microsoft on this.


"lmpreiki" wrote:

> Was anyone able to identify what this proc does or what might break if removed?
>
> Thanks,
>
> "jaylou" wrote:
>
> > I recieved an email about this procedure sp_replwritetovarbin. one
> > recomendation is to remove it from your system.
> >
> > Does anyone know what this proc is for and what will break if removed?
> >
> > Also does anyone know if this is a real threat?
> >
> > TIA,
> > Joe
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat 

Even though I've searched the Microsoft website and anywhere else I can think
of several times I haven't found anything either. I can't possibly delete a
procedure on without knowing what impact it might have.

"jaylou" wrote:

> Not yet, and I still havent seen any alerts from Microsoft on this.
>
>
> "lmpreiki" wrote:
>
> > Was anyone able to identify what this proc does or what might break if removed?
> >
> > Thanks,
> >
> > "jaylou" wrote:
> >
> > > I recieved an email about this procedure sp_replwritetovarbin. one
> > > recomendation is to remove it from your system.
> > >
> > > Does anyone know what this proc is for and what will break if removed?
> > >
> > > Also does anyone know if this is a real threat?
> > >
> > > TIA,
> > > Joe
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat 

I agree. I am waiting until I hear from Microsoft. I think the alert came
from a third party consulting group. looking for work maybe?

"lmpreiki" wrote:

> Even though I've searched the Microsoft website and anywhere else I can think
> of several times I haven't found anything either. I can't possibly delete a
> procedure on without knowing what impact it might have.
>
> "jaylou" wrote:
>
> > Not yet, and I still havent seen any alerts from Microsoft on this.
> >
> >
> > "lmpreiki" wrote:
> >
> > > Was anyone able to identify what this proc does or what might break if removed?
> > >
> > > Thanks,
> > >
> > > "jaylou" wrote:
> > >
> > > > I recieved an email about this procedure sp_replwritetovarbin. one
> > > > recomendation is to remove it from your system.
> > > >
> > > > Does anyone know what this proc is for and what will break if removed?
> > > >
> > > > Also does anyone know if this is a real threat?
> > > >
> > > > TIA,
> > > > Joe
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat 

Joe,

If you are talking SQL2005 you cannot delete it but you can take away the
public access to it. I would do the same on SQL2000, just stop it being
accessed by the public role.

Chris

"jaylou" wrote in message

>I agree. I am waiting until I hear from Microsoft. I think the alert came
> from a third party consulting group. looking for work maybe?
>
> "lmpreiki" wrote:
>
>> Even though I've searched the Microsoft website and anywhere else I can
>> think
>> of several times I haven't found anything either. I can't possibly
>> delete a
>> procedure on without knowing what impact it might have.
>>
>> "jaylou" wrote:
>>
>> > Not yet, and I still havent seen any alerts from Microsoft on this.
>> >
>> >
>> > "lmpreiki" wrote:
>> >
>> > > Was anyone able to identify what this proc does or what might break
>> > > if removed?
>> > >
>> > > Thanks,
>> > >
>> > > "jaylou" wrote:
>> > >
>> > > > I recieved an email about this procedure sp_replwritetovarbin. one
>> > > > recomendation is to remove it from your system.
>> > > >
>> > > > Does anyone know what this proc is for and what will break if
>> > > > removed?
>> > > >
>> > > > Also does anyone know if this is a real threat?
>> > > >
>> > > > TIA,
>> > > > Joe
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat 

this is true.

In my spare time, I am researching what this proc is for and what needs
acces to it.

I will remove the access on a dev server and see what happens.

Thanks Again,
Joe




"Chris Wood" wrote:

> Joe,
>
> If you are talking SQL2005 you cannot delete it but you can take away the
> public access to it. I would do the same on SQL2000, just stop it being
> accessed by the public role.
>
> Chris
>
> "jaylou" wrote in message
>
> >I agree. I am waiting until I hear from Microsoft. I think the alert came
> > from a third party consulting group. looking for work maybe?
> >
> > "lmpreiki" wrote:
> >
> >> Even though I've searched the Microsoft website and anywhere else I can
> >> think
> >> of several times I haven't found anything either. I can't possibly
> >> delete a
> >> procedure on without knowing what impact it might have.
> >>
> >> "jaylou" wrote:
> >>
> >> > Not yet, and I still havent seen any alerts from Microsoft on this.
> >> >
> >> >
> >> > "lmpreiki" wrote:
> >> >
> >> > > Was anyone able to identify what this proc does or what might break
> >> > > if removed?
> >> > >
> >> > > Thanks,
> >> > >
> >> > > "jaylou" wrote:
> >> > >
> >> > > > I recieved an email about this procedure sp_replwritetovarbin. one
> >> > > > recomendation is to remove it from your system.
> >> > > >
> >> > > > Does anyone know what this proc is for and what will break if
> >> > > > removed?
> >> > > >
> >> > > > Also does anyone know if this is a real threat?
> >> > > >
> >> > > > TIA,
> >> > > > Joe
>
>
>
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat 

Joe,

Microsoft issued a security advisory, as expected, and it mentions that they
fixed it in SQL2005 SP3 so it could be in SP2 CU10 or CU11 as well. See
http://www.microsoft.com/technet/security/advisory/961040.mspx

Chris

"jaylou" wrote in message

> Thank you again!!
>
> "Chris Wood" wrote:
>
>> Joe,
>>
>> MS just released SQL2005 SP2 CU11 and SP3 so don't be surprised that the
>> fix
>> is announced in these builds when the January patches are announced. The
>> original advisory shows that MS were told about this a few months ago so
>> I
>> would expect them to have looked at SQL2000/SQL2005 and SQL2008 at that
>> time. They would have seen that if it was in SQL2000 that it was also be
>> in
>> SQL2005 and check out SQL2008 as well.
>>
>> Chris
>>
>> "jaylou" wrote in message
>>
>> > OK thank,
>> > I just subscribed to the feed.
>> >
>> > Thanks again for the info.
>> >
>> > "Chris Wood" wrote:
>> >
>> >> Joe,
>> >>
>> >> if they are serious about this I would expect a Security Advisory to
>> >> appear
>> >> here http://www.microsoft.com/technet/security/advisory/default.mspx
>> >> as
>> >> the
>> >> problem has been publically announced.
>> >>
>> >> Chris
>> >>
>> >> "jaylou" wrote in message
>> >>
>> >> > Yes I did. Do you know anything about this? I haven't been able to
>> >> > find
>> >> > much more then more articles pointing back to this alert.
>> >> >
>> >> > "Chris Wood" wrote:
>> >> >
>> >> >> Joe,
>> >> >>
>> >> >> You saw this alert
>> >> >> http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovar..._memwri
>> >> >> right?
>> >> >>
>> >> >> Chris
>> >> >>
>> >> >> "jaylou" wrote in message
>> >> >>
>> >> >> >I recieved an email about this procedure sp_replwritetovarbin.
>> >> >> >one
>> >> >> > recomendation is to remove it from your system.
>> >> >> >
>> >> >> > Does anyone know what this proc is for and what will break if
>> >> >> > removed?
>> >> >> >
>> >> >> > Also does anyone know if this is a real threat?
>> >> >> >
>> >> >> > TIA,
>> >> >> > Joe
>> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>> >>
>>
>>
>>
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat 

Joe,

Seems that it didn't make a security bulletin this month.

Chris

"Chris Wood" wrote in message

> Joe,
>
> Microsoft issued a security advisory, as expected, and it mentions that
> they fixed it in SQL2005 SP3 so it could be in SP2 CU10 or CU11 as well.
> See http://www.microsoft.com/technet/security/advisory/961040.mspx
>
> Chris
>
> "jaylou" wrote in message
>
>> Thank you again!!
>>
>> "Chris Wood" wrote:
>>
>>> Joe,
>>>
>>> MS just released SQL2005 SP2 CU11 and SP3 so don't be surprised that the
>>> fix
>>> is announced in these builds when the January patches are announced. The
>>> original advisory shows that MS were told about this a few months ago so
>>> I
>>> would expect them to have looked at SQL2000/SQL2005 and SQL2008 at that
>>> time. They would have seen that if it was in SQL2000 that it was also be
>>> in
>>> SQL2005 and check out SQL2008 as well.
>>>
>>> Chris
>>>
>>> "jaylou" wrote in message
>>>
>>> > OK thank,
>>> > I just subscribed to the feed.
>>> >
>>> > Thanks again for the info.
>>> >
>>> > "Chris Wood" wrote:
>>> >
>>> >> Joe,
>>> >>
>>> >> if they are serious about this I would expect a Security Advisory to
>>> >> appear
>>> >> here http://www.microsoft.com/technet/security/advisory/default.mspx
>>> >> as
>>> >> the
>>> >> problem has been publically announced.
>>> >>
>>> >> Chris
>>> >>
>>> >> "jaylou" wrote in message
>>> >>
>>> >> > Yes I did. Do you know anything about this? I haven't been able
>>> >> > to
>>> >> > find
>>> >> > much more then more articles pointing back to this alert.
>>> >> >
>>> >> > "Chris Wood" wrote:
>>> >> >
>>> >> >> Joe,
>>> >> >>
>>> >> >> You saw this alert
>>> >> >> http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovar..._memwri
>>> >> >> right?
>>> >> >>
>>> >> >> Chris
>>> >> >>
>>> >> >> "jaylou" wrote in message
>>> >> >>
>>> >> >> >I recieved an email about this procedure sp_replwritetovarbin.
>>> >> >> >one
>>> >> >> > recomendation is to remove it from your system.
>>> >> >> >
>>> >> >> > Does anyone know what this proc is for and what will break if
>>> >> >> > removed?
>>> >> >> >
>>> >> >> > Also does anyone know if this is a real threat?
>>> >> >> >
>>> >> >> > TIA,
>>> >> >> > Joe
>>> >> >>
>>> >> >>
>>> >> >>
>>> >>
>>> >>
>>> >>
>>>
>>>
>>>
>
>
 >> Stay informed about: sp_replwritetovarbin memory overwrite Security threat