Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Apps :: web5489.htm

SQL server 2000 hex padding to fool trustees



27th Jun 2002 [SBWID-5489]
COMMAND

	SQL server 2000 hex padding to fool trustees

SYSTEMS AFFECTED

	SQL server 2000, probably all releases

PROBLEM

	Chris Anley of NGSSoftware posted a whitepaper available at :
	

	http://www.ngssoftware.com/papers/violating_database_security.pdf

	

	

	\"It  discusses  \"runtime  patching\"  exploits,  specifically  in  the
	context of Microsoft SQL Server 2000, but  the  techniques  apply  to  a
	wide variety of targets. The paper also documents  a  three  byte  patch
	that disables access control in SQL Server, resulting (by  way  of  some
	tricks) in sysadmin access for all.\"
	

	Cool enough to be mentioned :-)

SOLUTION

	None.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH