[26818] in bugtraq
Re: Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B)
daemon@ATHENA.MIT.EDU (David Litchfield)
Mon Aug 26 15:42:53 2002
Message-ID: <001701c24d34$30d09790$2f01010a@HEPHAESTUS>
From: "David Litchfield" <david@ngssoftware.com>
To: "Brent Glover" <brent.glover@team.telstraclear.co.nz>,
<bugtraq@securityfocus.com>
Date: Mon, 26 Aug 2002 20:10:06 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
> In-Reply-To: <015601c244d2$fa6f8a30$2500a8c0@HEPHAESTUS>
>
> IMHO - This is more a human error driven feature than a high risk
> vulnerability.
>
> Whilst what David says is true - the assumption has been made that a login
> has access to the "msdb" database by default - this assumption is
> incorrect.
>
> The only way this vulnerability can be exploited is if a DBA (mad of
> course ;-)) has given access for a login account to the "msdb" database.
>
No. This is incorrect. By default the 'guest' user is enabled on the msdb
database. A login that has not been given specific access to the msdb
database can access it as 'guest'; and as 'guest' is a member of the public
role anyone can submit jobs.
> Brent Glover
> Database specialist
David Litchfield
