In our shop we have several SQL 6.5 servers with the probe account open (null password). I have listed and tried all the stored procedures that it can run. None of them are really a security exposure. However, I have also discovered that the DBAs have assigned many user accounts a null password.

This leads to the question: is there a way to determine which accounts (other than SA) can run xp_cmdshell? I think that the ability to run this stored procedure can be assigned to userids other than SA. Is there a way to find them, other than logging on with each userid (that has a NULL password - about 30 of them - a bad practice) and trying xp_cmdshell?

The other holes, such as SQL injection, are all plugged (we seem to have pretty good ASP coders), and no other user-defined SPs seem to be vulnerable. The database tables/views are being tightened up, so I am focusing on the SQL/OS interface. I believe that the ability to run xp_cmdshell has been given to other accounts, and I think that I may have to try each account! Any shortcuts to find out who can run this SP? :)

nemo_old

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
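The shortcut the poster is asking for is to read the permission tables in master rather than logging in as each account. The following is an added example written for this page, not code from the original post. It assumes SQL Server 6.5 system table layouts as documented for that release (master..sysprotects, sysobjects, sysusers, syslogins, with sysprotects.action 224 = EXECUTE and protecttype 204/205 = GRANT/GRANT WITH GRANT OPTION), and that the "null password" logins the poster describes are stored as a NULL password column in syslogins. Run it in master with isql or ISQL/w as SA.

```sql
-- Added example (not from the original post). Assumes SQL Server 6.5 system
-- table layouts; verify column names against your server's documentation.
USE master
GO

-- 1. The built-in report: every user/group holding a permission on
--    xp_cmdshell in master. This alone answers the question for direct grants.
EXEC sp_helprotect 'xp_cmdshell'
GO

-- 2. Direct grants of EXECUTE on xp_cmdshell, mapped back to logins, and
--    restricted to logins whose password is NULL. Old-style comma joins are
--    used so the query runs on 6.5 without relying on ANSI JOIN support.
--    sysprotects.action 224 = EXECUTE; protecttype 205 = GRANT,
--    204 = GRANT WITH GRANT OPTION (assumed codes for 6.5).
SELECT l.name     AS login_name,
       u.name     AS master_user,
       p.protecttype
FROM   sysprotects p, sysobjects o, sysusers u, syslogins l
WHERE  o.name        = 'xp_cmdshell'
AND    p.id          = o.id
AND    p.action      = 224
AND    p.protecttype IN (204, 205)
AND    u.uid         = p.uid
AND    l.suid        = u.suid
AND    l.password IS NULL
GO

-- 3. Grants made to a group (including public) cover every member of that
--    group, so those must be expanded too. Group rows in sysusers have
--    members whose sysusers.gid equals the group's uid.
SELECT g.name     AS group_name,
       l.name     AS member_login,
       m.name     AS master_user
FROM   sysprotects p, sysobjects o, sysusers g, sysusers m, syslogins l
WHERE  o.name        = 'xp_cmdshell'
AND    p.id          = o.id
AND    p.action      = 224
AND    p.protecttype IN (204, 205)
AND    g.uid         = p.uid
AND    m.gid         = g.uid        -- m is a member of group g
AND    m.uid        <> g.uid        -- skip the group row itself
AND    l.suid        = m.suid
AND    l.password IS NULL
GO

-- 4. Independently of xp_cmdshell: the full list of NULL-password logins,
--    which is the list to clean up regardless of what each one can execute.
SELECT name, suid
FROM   syslogins
WHERE  password IS NULL
ORDER  BY name
GO
```

If query 3 returns a row with group_name = 'public', every login with a user in master (including probe) can run xp_cmdshell, and the fix is `REVOKE EXECUTE ON xp_cmdshell FROM public` rather than hunting individual accounts. Two caveats: logins aliased to dbo through sysalternates inherit dbo's rights and will not show up in the grantee lists above, so check that table as well; and on 6.5 a non-SA caller of xp_cmdshell runs the command under the SQLExecutiveCmdExec account only if that server option is enabled, otherwise it runs under the MSSQLServer service account, which is usually far more privileged.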
This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 15:16:28 PDT