Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft SQL Server Webtasks privilege upgrade

Microsoft SQL Server Webtasks privilege upgrade

by Nikola Strahija on October 17th, 2002 Using a number of flaws in the webtask functionality of Microsoft SQL Server an attacker may gain control of the database by elevating their privileges.


Details
*******
The xp_runwebtask stored procedure fails to set permissions properly when
executed and runs with the privileges of the SQL Server. xp_runwebtask can
be executed by 'PUBLIC'.

The permissions of the table that stores webtasks, namely
msdb.dbo.mswebtasks, are set loosely allowing 'PUBLIC' to INSERT, UPDATE,
DELETE and SELECT.

By updating a webtask owned by the database owner and then running it
through xp_runwebtask an attacker may elevate their privileges. In terms of
exploitation an attacker may choose to run OS commands or add themselves to
the SYSADMIN group.


Fix Information
***************
NGSSoftware alerted Microsoft to these problems on the 23rd of August.
Microsoft has released a patch that addresses these issues. For more details
please see

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS
02-061.asp

A check and fix for these problems already exists in NGSSQuirreL, an
advanced SQL Server security management tool, of which more information
is available from the NGSSite: http://www.nextgenss.com/.



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »