Bugtraq: RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)

From: "Hall, Philip" <phall () spss com>
Date: Thu, 11 Jul 2002 09:57:03 -0500

To be able to use the 'BULK INSERT' query one must have the 
privileges of the database owner or dbo. Note this does not
necessarily imply 'sa' equivalence.


In fact, you need to be a member of the sysadmin and bulkadmin fixed server roles to be able to execute BULK INSERT, 
both of these have to be explicitly set, if you're not user 'sa'

--phil

By Date By Thread

Current thread:

Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) NGSSoftware Insight Security Research (Jul 11)
- <Possible follow-ups>
- RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) Hall, Philip (Jul 11)
  - RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) Aaron C. Newman (Jul 11)