Short Name |
DB:MS-SQL:STOR-PROC-PRIV-UPGRD |
---|---|
Severity |
Major |
Recommended |
No |
Category |
DB |
Keywords |
MS-SQL Stored Procedure Privilege Upgrade |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit the Stored Procedure Privilege vulnerability in Microsoft SQL Server 2000 and 7.0. Attackers can construct a malicious query that calls one of three stored procedures in order to gain elevated privileges on the SQL Server.
Microsoft SQL Server 2000 uses various extended stored procedures to allow database designers to create their own external routines. Some of these extended stored procedures have weak permissions, which could allow a user with low permissions to perform actions on the database in the context of the SQL Server Service Account.