Bugtraq mailing list archives
Follow-up on Lumigent Log Explorer 3.xx extended stored procedures buffer overflow
From: "Murray S. Mazer" <murray () lumigent com>
Date: Fri, 14 Jun 2002 14:08:27 -0400
Thanks to Martin for pointing this out. We did reply to him but apparently not before his posting.

This issue will be fixed in our next scheduled maintenance release, available in two to three weeks. In the meantime, we recommend that you grant execute permissions on Lumigent's extended stored procedures to trusted logins only (a useful policy in any case). This prevents untrusted users from invoking stored procedures with malicious intent.

Thanks,
--Murray
-----Original Message-----
From: martin rakhmanoff [mailto:jimmers () yandex ru]
Sent: Friday, June 14, 2002 8:05 AM
To: bugtraq () securityfocus com
Subject: Lumigent Log Explorer 3.xx extended stored procedures buffer overflow

Lumigent Log Explorer is a transaction log explorer for Microsoft SQL Server 7/2000. It ships with extended stored procedures implemented in xp_logattach.dll. Some of them suffer from buffer overflows that lead to SQL Server service crash and potentially to arbitrary code execution.

Below is sample code that crashes SQL Server:

...

Procedures can be run only by dbo (master) by default.

Vendor was informed but I got no response confirming this problem and no fixes.

Cheers
Martin Rakhmanoff (jimmers)
jimmers () yandex ru
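
An added example, not part of either message and not Lumigent's code: one way to check the interim mitigation on SQL Server 2000 by listing who holds EXECUTE on the extended procedures registered from xp_logattach.dll. It assumes the SQL Server 2000 system tables in master; the role name TrustedLogExplorerUsers is a hypothetical placeholder.

```sql
-- Added example: audit EXECUTE grants on the extended stored procedures
-- backed by xp_logattach.dll (assumes SQL Server 2000 system tables).
USE master
GO

-- 1. Extended procedures registered from the DLL named in the advisory.
--    For extended procedures, syscomments.text stores the DLL name.
SELECT o.name AS xproc,
       SUBSTRING(c.text, 1, 255) AS dll
FROM dbo.sysobjects o
JOIN dbo.syscomments c ON c.id = o.id
WHERE OBJECTPROPERTY(o.id, 'IsExtendedProc') = 1
  AND c.text LIKE '%xp_logattach.dll%'
GO

-- 2. Principals that currently hold EXECUTE on those procedures.
--    action 224 = EXECUTE; protecttype 204/205 = granted (with/without grant option).
SELECT o.name AS xproc,
       u.name AS grantee
FROM dbo.sysprotects p
JOIN dbo.sysobjects o  ON o.id = p.id
JOIN dbo.sysusers u    ON u.uid = p.uid
JOIN dbo.syscomments c ON c.id = o.id
WHERE p.action = 224
  AND p.protecttype IN (204, 205)
  AND OBJECTPROPERTY(o.id, 'IsExtendedProc') = 1
  AND c.text LIKE '%xp_logattach.dll%'
ORDER BY o.name, u.name
GO

-- 3. Generate (do not execute blindly) statements that remove EXECUTE from
--    public and grant it to a trusted role instead. Review the output first.
--    TrustedLogExplorerUsers is a hypothetical role name.
SELECT 'REVOKE EXECUTE ON dbo.' + QUOTENAME(o.name) + ' FROM public' AS stmt
FROM dbo.sysobjects o
JOIN dbo.syscomments c ON c.id = o.id
WHERE OBJECTPROPERTY(o.id, 'IsExtendedProc') = 1
  AND c.text LIKE '%xp_logattach.dll%'
UNION ALL
SELECT 'GRANT EXECUTE ON dbo.' + QUOTENAME(o.name) + ' TO [TrustedLogExplorerUsers]'
FROM dbo.sysobjects o
JOIN dbo.syscomments c ON c.id = o.id
WHERE OBJECTPROPERTY(o.id, 'IsExtendedProc') = 1
  AND c.text LIKE '%xp_logattach.dll%'
GO
```

An empty result from step 2 means no explicit grants exist, so only members of sysadmin and the dbo of master can call the procedures.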