Users login

Create an account »


Users login

Home » Hacking News » Microsoft SQL Server Extended Stored Procdure privilege upgrade vuln.

Microsoft SQL Server Extended Stored Procdure privilege upgrade vuln.

by Nikola Strahija on August 16th, 2002 Microsoft SQL Server 2000 and 7 extends functionality by using extended stored procedures. Three particular extended stored procedures contain a vulnerability that allow a low privileged user to run abritrary SQL queries in the context of the account running SQL Server.

SQL Server supports two forms of authentication. The first is where a user
uses an SQL login and password to authenticate and the second is through
Windows Authentication. Any user authenticated by Windows can "upgrade"
their privileges to that of the account running the SQL Server by using one
of three extended stored procedures. These stored procedures allow a user to
run an arbitrary SQL query. By exploiting this problem a low privileged user
will be able to run any stored procedure, extended or otherwise, and select
from, update or insert into any table in any database. That is by exploiting
these holes an attacker can fully compromise the database server and its
data. Whilst an SQL Login user can not directly exploit this vulnerability
they can do so indirectly by submitting a job to the SQL Agent. As this the
SQL Agent authenticates to the SQL Server and runs in the context of Windows
account these vulnerabilities can be exploited. Please see NGSSoftware alert
NISR15002002A ( for
more details.

Fix Information
NGSSoftware informed Microsoft of these issues in July. Microsoft has
produced a patch that resolves these issues. Please see

for more details.

For those SQL Server database administrators who are not able to patch
immediately NGSSoftware recommend that they remove public access to these
stored procedures. This will prevent low privileged users from accessing
these extended stored procedures.


A check for this vulnerability has been added to Typhon II, NGSSoftware's
vulnerability assessment scanner, of which, more information is available
from the NGSSite,

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »