Bugtraq mailing list archives
RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)
From: "Aaron C. Newman" <aaron () newman-family com>
Date: Thu, 11 Jul 2002 22:20:46 -0400
You only need to be granted the bulkadmin fixed server role to execute BULK INSERT. You do NOT need to have sysadmin to execute BULK INSERT (yes, I have tested this several times). So this vulnerability leads to a privilege escalation. Regards, Aaron _______________________________ Aaron C. Newman CTO/Founder Application Security, Inc. www.appsecinc.com Phone: 212-490-6022 Fax: 212-490-6456 - Protection Where It Counts - -----Original Message----- From: Hall, Philip [mailto:phall () spss com] Sent: Thursday, July 11, 2002 10:57 AM To: bugtraq () securityfocus com; ntbugtraq () listserv ntbugtraq com; vulnwatch () vulnwatch org Subject: RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)
To be able to use the 'BULK INSERT' query one must have the privileges of the database owner or dbo. Note this does not necessarily imply 'sa' equivalence.
In fact, you need to be a member of the sysadmin and bulkadmin fixed server roles to be able to execute BULK INSERT, both of these have to be explicitly set, if you're not user 'sa' --phil
Current thread:
- Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) NGSSoftware Insight Security Research (Jul 11)
- <Possible follow-ups>
- RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) Hall, Philip (Jul 11)
- RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) Aaron C. Newman (Jul 11)