besides "sa" who can run xp_cmdshell

From: nemo latin (nemo_oldat_private)
Date: Mon Aug 06 2001 - 12:32:31 PDT


    In our shop we have several SQL 6.5 servers with the
    probe account open (null password).  
    I have listed and tried all the stored procedures that
    it can run.  None of them are really a security
    However, I have also discovered that the DBAs have
    assigned many user accounts with a null password. 
    This leads to the question ..
    Is there a way to determine which accounts (other than
    SA) can run the xp_cmdshell  ?  I think that the
    ability to run this stored procedure can be assigned
    to userids other than SA.
    Is there a way to find them ??  Other than logging on
    with each userid (that has a NULL pswd - about 30 of
    them - a bad practice) and trying the xp_cmdshell.
    The other holes - such as SQL injection are all
    plugged (we seem to have pretty good asp coders) no
    other user defined sp's seem to be vulnerable.  The
    databases tables/views are being tightened up so I am
    focusing on the SQL/OS interface.
    I believe that the ability to run the xp_cmdshell has
    been given to other accounts - and I think that I may
    have to try each account !!!  
    Any short cuts to find out who can run this sp ?? 

    This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 15:16:28 PDT
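
An added audit example, not part of the original post: the question above can be answered from the permission catalog in master instead of logging on as each account. It assumes the SQL Server 6.5 system tables (sysprotects with action 224 = EXECUTE and protecttype 205 = GRANT, sysusers, syslogins) and is meant to be run as sa.

```sql
-- Added example: list who holds EXECUTE on xp_cmdshell (run as sa).
-- xp_cmdshell is registered in master, so its permissions live there.
USE master
go

-- 1. Built-in report of grants and revokes on the procedure.
EXEC sp_helprotect 'xp_cmdshell'
go

-- 2. The same data from the system tables, expanded so that a grant to a
--    group (or to public) is listed once per member user and mapped back
--    to the server login. The null_password column ties the result to the
--    accounts with no password mentioned in the post.
SELECT grantee       = g.name,
       db_user       = u.name,
       login_name    = l.name,
       null_password = CASE WHEN l.password IS NULL THEN 'yes' ELSE 'no' END
FROM   sysprotects p, sysobjects o, sysusers g, sysusers u, syslogins l
WHERE  o.name = 'xp_cmdshell'
  AND  p.id = o.id
  AND  p.action = 224            -- EXECUTE
  AND  p.protecttype = 205       -- GRANT (206 = REVOKE)
  AND  g.uid = p.uid             -- the user or group named in the grant
  AND  (u.uid = g.uid            -- direct grant to a user
        OR u.gid = g.uid         -- user belongs to the granted group
        OR g.name = 'public')    -- public covers every user in master
  AND  u.suid = l.suid           -- map database user to server login
ORDER  BY g.name, u.name
go
```

An empty result from the second query together with no non-sa rows from sp_helprotect means no explicit grant exists. The query does not account for aliases (sysalternates), the guest user, or a per-user REVOKE that overrides a group grant, so check the sp_helprotect output for those cases.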