|
COMMAND MS SQL SYSTEMS AFFECTED Microsoft SQL Server 7.0 PROBLEM Following is based on a Security Bulletin (MS00-048) from the MS. Execute permission checks on stored procedures may be bypassed when a stored procedure is referenced from a temporary stored procedure. This omission would allow a malicious user to run a stored procedure that, by design, he should not be able to access. The vulnerability only occurs under a fairly restricted set of conditions: - The database and stored procedure must be owned by the system administrator (sa) login account. - The malicious user must be able to authenticate to the SQL Server, and have user access to the referenced database. Microsoft thanks Adina Reeve of Sequiturcorp for reporting this issue and working with them to protect customers. The problem is very big. Most sites that running MS SQL server, web server and server side scripts will allow users to insert data into SQL query strings. (any kind of search engines, etc). This bug will allow not only gain access to DB data, but also to execute anything locally on server. SOLUTION Patch availability: - Intel: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22470 - Alpha: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=22469