PT-2014-1684 · Microsoft · Sql Server

Published

2014-08-12

Updated

2018-10-12

CVE-2014-4061

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Microsoft SQL Server versions 2008 SP3, 2008 R2 SP2, and 2012 SP1

Description A denial of service issue exists due to improper control of stack memory for processing T-SQL batch commands. This allows remote authenticated users to cause a denial of service, resulting in the server stopping responding until a manual reboot is initiated.

Recommendations For Microsoft SQL Server 2008 SP3, consider applying a patch or fix to resolve the issue. For Microsoft SQL Server 2008 R2 SP2, consider applying a patch or fix to resolve the issue. For Microsoft SQL Server 2012 SP1, consider applying a patch or fix to resolve the issue. As a temporary workaround, consider restricting access to T-SQL batch commands to minimize the risk of exploitation.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

BDU:2015-00631

CVE-2014-4061

Affected Products

Sql Server

PT-2014-1684 · Microsoft · Sql Server

CVE-2014-4061

Weakness Enumeration

Related Identifiers

Affected Products

References · 8