Bugtraq mailing list archives

RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)

From: "Aaron C. Newman" <aaron () newman-family com>
Date: Thu, 11 Jul 2002 22:20:46 -0400

You only need to be granted the bulkadmin fixed server role to execute
BULK INSERT. You do NOT need to have sysadmin to execute BULK INSERT
(yes, I have tested this several times).

So this vulnerability leads to a privilege escalation.

Regards,
Aaron
_______________________________
Aaron C. Newman
CTO/Founder
Application Security, Inc.
www.appsecinc.com
Phone: 212-490-6022
Fax: 212-490-6456
- Protection Where It Counts -

-----Original Message-----
From: Hall, Philip [mailto:phall () spss com] 
Sent: Thursday, July 11, 2002 10:57 AM
To: bugtraq () securityfocus com; ntbugtraq () listserv ntbugtraq com;
vulnwatch () vulnwatch org
Subject: RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow
(#NISR11072002)

To be able to use the 'BULK INSERT' query one must have the 
privileges of the database owner or dbo. Note this does not
necessarily imply 'sa' equivalence.


In fact, you need to be a member of the sysadmin and bulkadmin fixed
server roles to be able to execute BULK INSERT, both of these have to be
explicitly set, if you're not user 'sa'

--phil

Current thread:

Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) NGSSoftware Insight Security Research (Jul 11)
- <Possible follow-ups>
- RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) Hall, Philip (Jul 11)
  - RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) Aaron C. Newman (Jul 11)