[25795] in bugtraq
Follow-up on Lumigent Log Explorer 3.xx extended stored
daemon@ATHENA.MIT.EDU (Murray S. Mazer)
Fri Jun 14 15:55:50 2002
Message-Id: <5.1.0.14.0.20020614135246.03afc1f0@127.0.0.1>
Date: Fri, 14 Jun 2002 14:08:27 -0400
To: bugtraq@securityfocus.com
From: "Murray S. Mazer" <murray@lumigent.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Thanks to Martin for pointing this out. We did reply to him but apparently
not before his posting. This issue will be fixed in our next scheduled
maintenance release, available in two to three weeks.
In the meantime, we recommend that you grant execute permissions on
Lumigent's extended stored procedures to trusted logins only (a useful
policy in any case).
This prevents untrusted users from invoking stored procedures with
malicious intent.
Thanks,
--Murray
>>-----Original Message-----
>>From: martin rakhmanoff [mailto:jimmers@yandex.ru]
>>Sent: Friday, June 14, 2002 8:05 AM
>>To: bugtraq@securityfocus.com
>>Subject: Lumigent Log Explorer 3.xx extended stored procedures buffer
>>overflow
>>
>>Lumigent Log Explorer is a transaction log explorer for Microsoft SQL
>>Server 7/2000. It ships with extended stored procedures implemented in
>>xp_logattach.dll. Some of them suffer from buffer overflows that lead to
>>SQL Server service crash and potentially to arbitrary code execution.
>>Below is sample code that crashes SQL Server:
>>
>>...
>>Procedures can be run only by dbo (master) by default. Vendor was informed
>>but I got no response confirming this problem and no fixes.
>>
>>Cheers
>>
>>Martin Rakhmanoff (jimmers)
>>jimmers@yandex.ru
