In our shop we have several SQL 6.5 servers with the
probe account open (null password).
I have listed and tried all the stored procedures that
it can run. None of them are really a security
exposure.
However, I have also discovered that the DBAs have
assigned many user accounts a null password.
This leads to the question:
Is there a way to determine which accounts (other than
SA) can run the xp_cmdshell ? I think that the
ability to run this stored procedure can be assigned
to userids other than SA.
Is there a way to find them? Other than logging on
with each userid (that has a NULL password - about 30 of
them - a bad practice) and trying the xp_cmdshell.
The other holes - such as SQL injection - are all
plugged (we seem to have pretty good ASP coders); no
other user-defined SPs seem to be vulnerable. The
database tables/views are being tightened up, so I am
focusing on the SQL/OS interface.
I believe that the ability to run the xp_cmdshell has
been given to other accounts - and I think that I may
have to try each account !!!
Any short cuts to find out who can run this SP?
:)
nemo_old
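The enumeration the post is asking for can be done from the system tables rather than by logging in as each account. The script below is an added example and is not part of the original message; it assumes the SQL Server 6.5 layout of master..syslogins (a NULL password column means no password), master..sysusers (suid, uid, gid, name) and master..sysprotects (action 224 = EXECUTE; protecttype 204 = GRANT WITH GRANT OPTION, 205 = GRANT, 206 = REVOKE), and that uid 0 is the public group. Run it as sa (or any login that can read master's system tables).

```sql
-- Added example (not from the original post). Assumes SQL Server 6.5 system tables.
USE master
GO

-- 1. The open accounts: logins with no password at all.
SELECT name, suid
FROM syslogins
WHERE password IS NULL
GO

-- 2. The documented shortcut: every grant/revoke recorded on xp_cmdshell.
sp_helprotect 'xp_cmdshell'
GO

-- 3. The same information straight from sysprotects, joined to the
--    master-database user names. action 224 is EXECUTE (assumption:
--    6.5 numbering); protecttype 204/205 are grants, 206 is a revoke.
SELECT u.name AS grantee,
       CASE p.protecttype
            WHEN 204 THEN 'GRANT WITH GRANT OPTION'
            WHEN 205 THEN 'GRANT'
            WHEN 206 THEN 'REVOKE'
            ELSE 'UNKNOWN'
       END AS perm_type
FROM sysprotects p, sysusers u
WHERE p.id = OBJECT_ID('xp_cmdshell')
  AND p.action = 224
  AND u.uid = p.uid
GO

-- 4. Cross the two lists: null-password logins whose master-db user,
--    that user's group, or public holds EXECUTE on xp_cmdshell.
--    Revoke rows (206) are not netted out here; compare with step 2.
SELECT l.name AS login_name,
       u.name AS master_user,
       CASE WHEN p.uid = u.uid THEN 'direct'
            WHEN p.uid = u.gid AND u.gid <> 0 THEN 'via group'
            ELSE 'via public'
       END AS granted_through
FROM syslogins l, sysusers u, sysprotects p
WHERE l.password IS NULL
  AND u.suid = l.suid
  AND p.id = OBJECT_ID('xp_cmdshell')
  AND p.action = 224
  AND p.protecttype IN (204, 205)
  AND (p.uid = u.uid OR p.uid = u.gid OR p.uid = 0)
GO
```

Two things to keep in mind when reading the output. A login that has no user row of its own in master still gets in as the guest user, so if guest or public shows up in step 2 or 3, every login on the server (including all 30 null-password ones) can already reach xp_cmdshell regardless of what step 4 lists. And a login that only appears in step 1 is still a problem even if it cannot run xp_cmdshell today: anyone can log in as it and then look for other routes, so the null passwords should be fixed independently of the xp_cmdshell grants.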
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Aug 07 2001