Bugtraq: Re: Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B)

From: Brent Glover <brent.glover () team telstraclear co nz>
Date: 25 Aug 2002 21:01:12 -0000

In-Reply-To: <015601c244d2$fa6f8a30$2500a8c0 () HEPHAESTUS>

IMHO - This is more a human error driven feature than a high risk 
vulnerability.

Whilst what David says is true - the assumption has been made that a login 
has access to the "msdb" database by default - this assumption is 
incorrect.

The only way this vulnerability can be exploited is if a DBA (mad of 
course ;-)) has given access for a login account to the "msdb" database.

Brent Glover
Database specialist

By Date By Thread

Current thread:

Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B) David Litchfield (Aug 16)
- <Possible follow-ups>
- Re: Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B) Brent Glover (Aug 26)
  - Re: Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B) David Litchfield (Aug 26)
  - Re: Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B) Chip Andrews (Aug 27)