Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: New MS SQL Server vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New MS SQL Server vulnerability

A slightly belated entry to make sure everyone is aware that last week we saw a new vulnerability announced for MS SQL Server 2000, 2005 & 2005 Express Edition by Bernhard Mueller from SEC Consult. Here is the original announcement:

The above link does include a simple test script (not a full PoC) for the vulnerability.

There is a mitigation available - you can remove the vulnerable stored procedure. Microsoft hasn't provided a patch yet and hasn't provided a timeframe for delivery either.



68 Posts
In sql server 2005 you can't drop an extended stored procedure. You can deny the execute permission on it which effectively disables it.

3 Posts
In sql 2005 you can't remove an extended stored procedure. You can grant deny permission to the public user which effectivly disables it.

"In SQL Server 2005, sp_dropextendedproc does not drop system extended stored procedures. Instead, the system administrator should deny EXECUTE permission on the extended stored procedure to the public role. In SQL Server 2000, sp_dropextendedproc could be used to drop any extended stored procedure."

3 Posts

Sign Up for Free or Log In to start participating in the conversation!