COMMAND

    MS SQL

SYSTEMS AFFECTED

    Microsoft SQL Server 7.0

PROBLEM

    Following is based on a Security Bulletin (MS00-048) from the  MS.
    Execute permission  checks on  stored procedures  may be  bypassed
    when  a  stored  procedure  is  referenced from a temporary stored
    procedure.  This  omission would allow  a malicious user  to run a
    stored procedure that, by design, he should not be able to access.
    The vulnerability  only occurs  under a  fairly restricted  set of
    conditions:

      - The database and stored procedure must be owned by the  system
        administrator (sa) login account.
      - The  malicious user  must be  able to  authenticate to the SQL
        Server, and have user access to the referenced database.

    Microsoft thanks  Adina Reeve  of Sequiturcorp  for reporting this
    issue and working with them to protect customers.

    The problem is very big.   Most sites that running MS SQL  server,
    web server  and server  side scripts  will allow  users to  insert
    data into SQL  query strings. (any  kind of search  engines, etc).
    This bug will allow not only  gain access to DB data, but  also to
    execute anything locally on server.

SOLUTION

    Patch availability:

      - Intel: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22470
      - Alpha: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22469