This MS bulletin mentions several extended stored procedures are vulnerable, does anyone have a list or an idea if any of these have by default exec permissions for the group 'public'?

At least one confirmed case of buffer overflow:

> xp_enumgroups '<long string>'

[Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionCheckForData (CheckforData()).
Server: Msg 11, Level 16, State 1, Line 0
General network error. Check your network documentation.

Connection Broken

And in the event log:

Error: 0, Severity: 19, State: 0
SqlDumpExceptionHandler: Process 53 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process.

Error: 0, Severity: 21, State: 0
SQL Server is aborting. Fatal exception 0 caught.

SQL Server has to be manually restarted after the second time this crash occurs. This is on SQL Server 2000 (8.00.194) with no SPs, running on Windows 2000 Server SP2.

HOWEVER, xp_enumgroups requires sysadmin privileges:

"Execute permissions for xp_enumgroups default to members of the db_owner fixed database role in the master database and members of the sysadmin fixed server role, but can be granted to other users."

So unless you explicitly give this right to some user/login it won't be an issue. The sysadmin can crash it anyways.

My worry is, there are a bunch of other extended stored procs listed in the master DB that might have similar vulnerability but not restricted as to who can execute them. If this is indeed the case then the patch is a "must-install" if you allow workstations to connect directly and login to your SQL Server.
> -----Original Message-----
> From: Microsoft
> [mailto:0_29486_DD755D68-884D-464F-9160-D7BC19343BFF_US@Newsletters.Microsoft.com]
> Sent: Thursday, April 18, 2002 4:38
> To: Toni Lassila
> Subject: Microsoft Security Bulletin MS02-020:SQL Extended Procedure
> Functions Contain Unchecked Buffers (Q319507)
>
> Issue:
> ======
> SQL Server 7.0 and 2000 provide for extended stored procedures,
> which are external routines written in a programming language such
> as C. These procedures appear to users as normal stored procedures
> and are executed in the same way. SQL Server 7.0 and 2000 include
> a number of extended stored procedures which are used for various
> helper functions

--
Toni Lassila toni.lassila@mc-europe.com
Operations Engineer +358 9 5655 1882
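
An audit query for the question raised in the post above: which extended stored procedures in master are executable by 'public'. This is an added example, not part of the original message or of the Microsoft bulletin; it assumes the SQL Server 7.0/2000 system tables sysobjects and sysprotects and is run by a sysadmin.

```sql
-- Added example: list extended stored procedures in master that carry an
-- EXECUTE grant to the 'public' role. The guest user cannot be removed from
-- master, so a grant to public here is reachable by every login.
USE master

SELECT  o.name                    AS extended_proc,
        CASE p.protecttype
            WHEN 204 THEN 'GRANT WITH GRANT OPTION'
            WHEN 205 THEN 'GRANT'
        END                       AS permission_state,
        USER_NAME(p.grantor)      AS granted_by
FROM    dbo.sysobjects  AS o
JOIN    dbo.sysprotects AS p ON p.id = o.id
WHERE   o.xtype = 'X'                  -- 'X' = extended stored procedure
  AND   p.uid = 0                      -- uid 0 = public
  AND   p.action = 224                 -- 224 = EXECUTE
  AND   p.protecttype IN (204, 205)    -- grants only; 206 is a deny/revoke entry
ORDER BY o.name

-- Cross-check a single procedure, including grants to other users and roles:
EXEC sp_helprotect 'xp_enumgroups'

-- Template for removing a public grant found above. The procedure name is a
-- placeholder; confirm that nothing depends on the grant before revoking it.
-- REVOKE EXECUTE ON <extended_proc_name> FROM public
```

Procedures returned by the first query are the ones the post is worried about; procedures missing from it are limited to whoever was granted EXECUTE explicitly plus the fixed roles named in the documentation quoted in the post.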
This archive was generated by hypermail 2b30 : Thu Apr 18 2002 - 18:39:53 PDT