Vulnerability Note VU#247545
Protegrity Secure.Data for Microsoft SQL Server 2000 contains buffer overflows in extended stored procedures
Protegrity Secure.Data for Microsoft SQL Server 2000 includes several extended stored procedures that contain buffer overflow vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, gain access to databases, or cause a denial of service.
Protegrity Secure.Data for Microsoft SQL Server 2000 provides access control and encryption for individual data records. Secure.Data interacts with Microsoft SQL Server via extended stored procedures that are part of the Secure.Data Extension Feature (SEF). From Microsoft Knowledge Base Article 190987: "Extended stored procedures provide a way to dynamically load and execute a function within a dynamic-link library (DLL) in a manner similar to that of a stored procedure, seamlessly extending SQL Server functionality." Extended stored procedures execute under the security context and in the process space of SQL Server. By default, the SQL Server 2000 service runs as a Windows domain user.
Several extended stored procedures (xp_pty_checkusers, xp_pty_insert, and xp_pty_select) included as part of the SEF contain buffer overflow vulnerabilities. These extended stored procedures could be exploited by specially crafted SQL commands.
A remote attacker could execute arbitrary code with the privileges of the SQL Server process or cause a denial of service. This could give an attacker full access to databases stored on a vulnerable system.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Protegrity||Affected||08 Jan 2003||13 Mar 2003|
CVSS Metrics (Learn More)
This vulnerability was reported by <firstname.lastname@example.org>.
This document was written by Art Manion.
- CVE IDs: CAN-2003-0030
- Date Public: 13 Mar 2003
- Date First Published: 13 Mar 2003
- Date Last Updated: 13 Mar 2003
- Severity Metric: 7.52
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.