[26142] in bugtraq
RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)
daemon@ATHENA.MIT.EDU (Hall, Philip)
Thu Jul 11 23:58:52 2002
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Date: Thu, 11 Jul 2002 09:57:03 -0500
Message-ID: <0AB647D29447FA4C818A8EE43B1F4FA30ABB91@hqemail1.spss.com>
From: "Hall, Philip" <phall@spss.com>
To: <bugtraq@securityfocus.com>, <ntbugtraq@listserv.ntbugtraq.com>,
<vulnwatch@vulnwatch.org>
Content-Transfer-Encoding: 8bit
> To be able to use the 'BULK INSERT' query one must have the
> privileges of the database owner or dbo. Note this does not
> necessarily imply 'sa' equivalence.
In fact, you need to be a member of the sysadmin and bulkadmin fixed server roles to be able to execute BULK INSERT, both of these have to be explicitly set, if you're not user 'sa'
--phil
