COMMAND

	SQL server 2000 hex padding to fool trustees

SYSTEMS AFFECTED

	SQL server 2000, probably all releases

PROBLEM

	Chris Anley of NGSSoftware posted a whitepaper available at :
	

	http://www.ngssoftware.com/papers/violating_database_security.pdf

	

	

	\"It  discusses  \"runtime  patching\"  exploits,  specifically  in  the
	context of Microsoft SQL Server 2000, but  the  techniques  apply  to  a
	wide variety of targets. The paper also documents  a  three  byte  patch
	that disables access control in SQL Server, resulting (by  way  of  some
	tricks) in sysadmin access for all.\"
	

	Cool enough to be mentioned :-)

SOLUTION

	None.