Microsoft SQL Server 7.0 Stored Procedure Vulnerability
BID:1444
Info
| Bugtraq ID: | 1444 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jul 07 2000 12:00AM |
| Updated: | Jul 07 2000 12:00AM |
| Credit: | Discovered by Adina Reeve and publicized in a Microsoft Security Bulletin (MS00-048) on July 7, 2000. |
| Vulnerable: | Microsoft SQL Server 7.0 |
| Not Vulnerable: | |
Discussion
Under certain circumstances, it is possible for a user to run Microsoft SQL Server 7.0 database stored procedure code even if they do not possess the rights to do so. This would include a full range of tasks such as modifying, viewing, or deleting entries in the database. This can be accomplished by executing a stored procedure owned by the System Administrator (sa) account that is referenced from a temporary stored procedure. SQL Server does not properly check the execute permissions on stored procedures referenced by temporary stored procedures.
Users must be authenticated on the SQL server and have access to the referring database in order to perform this exploit.
Exploit / POC
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Microsoft has released the following patches which eliminate the vulnerability:
Microsoft SQL Server 7.0
- Microsoft Q266766 (Alpha):
  http://download.microsoft.com/download/sql70/satspfix/7.0/ALPHA/EN-US/S70843a.exe
- Microsoft Q266766 (Intel):
  http://download.microsoft.com/download/sql70/satspfix/7.0/WIN98/EN-US/S70843i.exe