Home page logo
/

bugtraq logo Bugtraq mailing list archives

New Paper - Violating Database Enforced Security Mechanisms
From: "Chris Anley" <chris () ngssoftware com>
Date: Mon, 24 Jun 2002 19:19:04 +0100

Hi folks,

I've written a paper on runtime patching of database server code, which can
be found here:

http://www.ngssoftware.com/papers/violating_database_security.pdf

It discusses "runtime patching" exploits, specifically in the context of
Microsoft SQL Server 2000, but the techniques apply to a wide variety of
targets. The paper also documents a three byte patch that disables access
control in SQL Server, resulting (by way of some tricks) in sysadmin access
for all.

I think this kind of exploit is pretty dangerous and well worth thinking
about, hence the paper. As always, any questions, comments, flames etc will
be gratefully received. Well, received, anyhow. :o)

     -chris.




  By Date           By Thread  

Current thread:
  • New Paper - Violating Database Enforced Security Mechanisms Chris Anley (Jun 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]