|
Buffer Overflow in Microsoft SQL Server: Protegrity encryption
March 18, 2003
To determine if you are vulnerable to this issue, download AppDetective™
for Microsoft SQL Server from http://www.appsecinc.com/products/appdetective/mssql/
Risk Level: High
Threat:
This buffer overflow may allow an attacker to gain full
administrative access on the SQL Server and decrypt sensitive data.
Summary:
Protegrity's is a vendor which develops encryption product for Microsoft
SQL Server. Their product contains several extended stored procedures
which are vulnerable to buffer overflows. These buffer overflows are
exploitable and allow a remote attacker to execute arbitrary code, gain
access to databases, or cause a denial of service.
Details:
Protegrity's encryption product for Microsoft SQL Server is accessed
through extended stored procedures. These extended stored procedures
execute under the security context and in the process space of SQL
Server. It is very common for this to run as LocalSystem.
Buffer overflows have been discovered in the following extended stored
procedures:
xp_pty_checkusers
xp_pty_insert
xp_pty_select
These extended stored procedures could be exploited by maliciously
crafted SQL commands.
References:
http://www.kb.cert.org/vuls/id/247545.
|
