Root cause analysis and PoC for a Microsoft SQL Server Stack Overflow Vulnerability by reversing svl.dll.

Introduction

In this blog post we would like to share one of our vulnerability analyses, covering a silently patched stack-based memory corruption vulnerability (CVE-2019-1068) in svl.dll that can be used for a denial of service attack and possibly for remote code execution. This blog post is also shared on the blogs of both Ataberk and Cem.

This issue affects the following versions of Microsoft SQL Server:

  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2016
  • Microsoft SQL Server 2017

It was patched on 9 July…


Cem and I found a "Null Pointer Dereference" bug in a header file of Oracle VM VirtualBox version 6.1.6. This post is shared on his blog as well.

To enumerate the input surface of the application, a simple fuzzer was developed.
Then we reported the issue, together with its root cause, to the vendor.

This issue has been fixed and addressed in version 6.1.6. More detailed information can be found at the following ticket link.

Simple Argument Fuzzer

To enumerate the input surface of the binary, we used an in-house script. …

Fatih ERDOGAN

Security Engineer @Trendyol Group
