[26814] in bugtraq

Re: Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B)

daemon@ATHENA.MIT.EDU (Brent Glover)
Mon Aug 26 12:15:04 2002

Date: 25 Aug 2002 21:01:12 -0000
Message-ID: <20020825210112.11230.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Brent Glover <brent.glover@team.telstraclear.co.nz>
To: bugtraq@securityfocus.com

In-Reply-To: <015601c244d2$fa6f8a30$2500a8c0@HEPHAESTUS>

IMHO - This is more a human error driven feature than a high risk 
vulnerability.

Whilst what David says is true - the assumption has been made that a login 
has access to the "msdb" database by default - this assumption is 
incorrect.

The only way this vulnerability can be exploited is if a DBA (mad of 
course ;-)) has given access for a login account to the "msdb" database.

Brent Glover
Database specialist

