Full Disclosure mailing list archives

Re: Database servers on XP and the curious flaw

From: Dave King <davefd () davewking com>
Date: Wed, 16 Nov 2005 12:20:24 -0700

While it still may not be "millions of people" several products come
bundled with the desktop edition of SQL Server 2000, and I'm sure many
will come with SQL Server 2005 Express.  As far as I can tell by reading
the paper (but not testing it myself) these are probably vulnerable as
well if the configuration allows the guest account access to the database.

Dave King
http://www.thesecure.net


To be honest I don't think we're talking millions of people. How many
people at home run a fully fledged RDBMS on their XP systems? Very few
I'd guess. Besides, Simple File Sharing is documented so MS are
educating those willing to seek information.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Database servers on XP and the curious flaw David Litchfield (Nov 16)
- Re: Database servers on XP and the curious flaw Eliah Kagan (Nov 16)
  - Re: Database servers on XP and the curious flaw David Litchfield (Nov 16)
    - Re: Database servers on XP and the curious flaw Eliah Kagan (Nov 16)
    - Re: Database servers on XP and the curious flaw Dave King (Nov 16)
    - Re: Database servers on XP and the curious flaw James Eaton-Lee (Nov 17)
    - Re: Database servers on XP and the curious flaw Dave King (Nov 17)
  - Message not available
    - Re: Database servers on XP and the curious flaw Eliah Kagan (Nov 16)
    - RE: Database servers on XP and the curious flaw James Tucker (Nov 16)
    - Re: Database servers on XP and the curious flaw Eliah Kagan (Nov 16)