SQL Query Method Enables Cached Admin... > Discussions

March 10, 2010 Login |

Home
FAQs
       SQL Server FAQ
       SQL Injection FAQ
       SQL Security Checklist
       SQL Server-Related Products
       SQL Server/MSDE-Based Applications
       SQL Server Version Database
Tools
       Lockdown Script
       Free Tools
       Free Analysis
       Group Policy Templates
       Commercial Tools
Community
       Discussions
       Links
About
Search

SQL Security Forums

Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.

Unanswered

Active Topics

Forums

Forums > Discussions > SQL Server Security

Subject: SQL Query Method Enables Cached Admin...

Prev Next

Add Reply

Author

Messages

Cesar

10/10/2001 9:50 AM	Quote Reply Alert
hi, i wonder if this aplies to that vulnerability : Sql Server 2000 8.00.194 in Mixed Mode Log in as 'sa' and then execute SELECT * FROM OPENROWSET('SQLOLEDB','Trusted_Connection=Yes;Data Source=myserver','SET FMTONLY OFF execute master..xp_cmdshell "dir c:\"') then if you log as a non admin user you can execute exactly the same query no bother if you don't have permission. Sorry for my inglish. Thanks.

Chip Andrews

10/10/2001 11:39 AM	Quote Reply Alert
Yes - the issue you demonstrated is documented in MS01-032. If you do apply the patch then the under-privileged user will get a "Access to the remote server is denied because no login-mapping exists." error even after the 'sa' user has executed the command. The fix is included in Service Pack 1. As a side note - a patched server will report version 8.00.296 Chip

Add Reply

Forums > Discussions > SQL Server Security > SQL Query Method Enables Cached Admin...

Quick Reply

Username:
Subject:
Body:

ActiveForums 3.6