From: Aaron C. Newman (aaron_at_NEWMAN-FAMILY.COM)
Date: Thu Jul 11 2002 - 21:20:46 CDT


    You only need to be granted the bulkadmin fixed server role to execute
    BULK INSERT. You do NOT need to have sysadmin to execute BULK INSERT
    (yes, I have tested this several times).

    So this vulnerability leads to a privilege escalation.

    Regards,
    Aaron
    _______________________________
    Aaron C. Newman
    CTO/Founder
    Application Security, Inc.
    www.appsecinc.com
    Phone: 212-490-6022
    Fax: 212-490-6456
    - Protection Where It Counts -

    -----Original Message-----
    From: Hall, Philip [mailto:phall@spss.com]
    Sent: Thursday, July 11, 2002 10:57 AM
    To: bugtraq@securityfocus.com; ntbugtraq@listserv.ntbugtraq.com;
    vulnwatch@vulnwatch.org
    Subject: RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow
    (#NISR11072002)

    > To be able to use the 'BULK INSERT' query one must have the
    > privileges of the database owner or dbo. Note this does not
    > necessarily imply 'sa' equivalence.

    In fact, you need to be a member of the sysadmin and bulkadmin fixed
    server roles to be able to execute BULK INSERT; both of these have to be
    explicitly set if you're not user 'sa'.

    --phil
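
As an added audit example (not part of either message in this thread), the T-SQL below lets a DBA on a SQL Server 2000 instance see exactly which logins hold bulkadmin without also holding sysadmin, i.e. the accounts for which Aaron's point turns the BULK INSERT overflow into a privilege escalation. It relies only on sp_helpsrvrolemember, sp_dropsrvrolemember and the fixed-role bit columns of master..syslogins, all present in SQL Server 2000; the login name in the final statement is a placeholder.

```sql
-- Added audit example (not from the thread): enumerate logins able to run
-- BULK INSERT on SQL Server 2000 and flag those that are not sysadmin.
USE master;
GO

-- 1. Every login granted the bulkadmin fixed server role.
EXEC sp_helpsrvrolemember 'bulkadmin';
GO

-- 2. Logins that hold bulkadmin but NOT sysadmin. For these accounts the
--    overflow is an escalation: they can reach BULK INSERT without already
--    owning the server. (syslogins exposes one bit column per fixed role.)
SELECT name,
       bulkadmin,
       sysadmin
FROM   master..syslogins
WHERE  bulkadmin = 1
  AND  sysadmin  = 0
ORDER BY name;
GO

-- 3. A login can confirm its own exposure from any session:
--    1 = member of bulkadmin, 0 = not a member.
SELECT IS_SRVROLEMEMBER('bulkadmin') AS can_bulk_insert,
       IS_SRVROLEMEMBER('sysadmin')  AS is_sysadmin;
GO

-- 4. Interim mitigation until the server is patched: remove bulkadmin from
--    logins that do not need it. Replace <login_name> (placeholder).
-- EXEC sp_dropsrvrolemember '<login_name>', 'bulkadmin';
```

Run step 2 periodically as a detection control: any new row is a login that has been handed BULK INSERT rights without the sysadmin scrutiny Phil assumed was required.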