Re: List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020

From: Bronek Kozicki (brokat_private)
Date: Thu Apr 18 2002 - 23:06:26 PDT


    > This MS bulletin mentions several extended stored procedures are
    > vulnerable, does anyone have a list or an idea if any of these have by
    > default exec permissions for the group 'public'?
    
    As stated on http://www.appsecinc.com/resources/alerts/mssql/02-0000.html
    the following ext. procedures are available to 'public':
    * xp_mergelineages  (MSSQL2K)
    * xp_proxiedmetadata (MSSQL2K and MSSQL7)
    
    I verified this on SQL2K - indeed, everyone with access to SQL Server may
    use them.
    
    > If this indeed is the case then the patch is a "must-install" if you
    > allow workstations to connect directly and login to your SQL Server.
    
    Exactly.
    
    
    B.
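
A read-only audit query for the check described in the message above, added here as an example (it is not part of the original post or of the advisory it cites). It assumes the SQL Server 7/2000 system tables in `master`, and goes slightly beyond the post by listing every extended procedure that 'public' may execute, flagging the two named above.

```sql
-- Added example: audit EXECUTE grants to 'public' on extended stored procedures.
-- Assumes SQL Server 7/2000 system tables (sysprotects, sysobjects, sysusers).
-- Read-only: it changes no permissions.
USE master
GO

SELECT  o.name AS extended_proc,
        u.name AS grantee,
        CASE p.protecttype
             WHEN 204 THEN 'GRANT WITH GRANT OPTION'
             WHEN 205 THEN 'GRANT'
        END    AS grant_type,
        CASE WHEN o.name IN ('xp_mergelineages', 'xp_proxiedmetadata')
             THEN 'yes' ELSE 'no'
        END    AS named_in_post
FROM    dbo.sysprotects p
JOIN    dbo.sysobjects  o ON o.id  = p.id
JOIN    dbo.sysusers    u ON u.uid = p.uid
WHERE   o.xtype = 'X'                 -- extended stored procedures only
  AND   p.action = 224                -- 224 = EXECUTE
  AND   p.protecttype IN (204, 205)   -- grant entries only
  AND   u.name = 'public'             -- role every login in the database belongs to
ORDER BY named_in_post DESC, o.name
GO
```

Rows with `named_in_post = 'yes'` confirm the exposure reported in the message on the instance being checked.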
    


