You only need to be granted the bulkadmin fixed server role to execute
BULK INSERT. You do NOT need to have sysadmin to execute BULK INSERT
(yes, I have tested this several times).
So this vulnerability leads to a privilege escalation.
Regards,
Aaron
___
Aaron C. Newm
> To be able to use the 'BULK INSERT' query one must have the
> privileges of the database owner or dbo. Note this does not
> necessarily imply 'sa' equivalence.
In fact, you need to be a member of the sysadmin and bulkadmin fixed server roles to
be able to execute BULK INSERT, both of these h
[EMAIL PROTECTED]
--On Thursday, July 11, 2002 8:51 AM +0200 Jonas Koch
<[EMAIL PROTECTED]> wrote:
> Does anyone know of a contact at Tiny Software and Sygate
> to which advisories concerning their Personal Firewall
> products can be submitted?
Paul Schmehl ([EMAIL PROTECTED])
Supervisor of Su
bugtraq id 3162: "When more than one remote node filtering rule is applied, the first
filtering rule
is the only one that takes effect."
Although bugtraq id 3162 reports that ZyXel released a firmware update 2.50(AL.1) to
fix this
vulnerability for the Prestige 642 routers it seems this bug is
-BEGIN PGP SIGNED MESSAGE-
_
SGI Security Advisory
Title: DNS resolver vulnerability
Number: 20020701-01-I
Date: July 11, 2002
Reference:
Correct me if I am wrong about this, but I believe the MTU changes the size
of an IP packet not a frame. So if you increase the size of a packet by
increasing the MTU, you will just cause more packet fragmentation. The VPN
Client software allows you to reduce the MTU so that when encryption
over
Jonas,
I would be happy to review any advisories concerning Sygate Personal
Firewall or Sygate Secure Enterprise and take appropriate actions. In the
past, we have acted based on information provided by bugtraq subscribers to
improve the security functionality of Sygate products. We welcome any
c
I just updated to the latest ROM last night. I put in my Linksys 802.11b
wireless card and did a port scan. I can see ports 111, 4242, 4243, & 4992,
but I can't seem to connect to any of them. I'm behind a firewall at work
and at home, so I'm not extremely worried, but I would like it to be as
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : Resolver libraries
SUMMARY : Resolver libra
##
Application: Popcorn (http://www.ultrafunk.com)
Version: All the version, because it is no more supported (however
the latest is 1.20)
Bug: Multiple vulnerabilities
Risk:Remote DoS
Author:
What about modifying the search order of `lookupd` and telling it to use
/etc/hosts and then using an entry in /etc/hosts to statically identify
swquery.apple.com? Might be a viable work-around?
-C
On Mon, 2002-07-08 at 09:42, Julian Suschlik wrote:
> Hi,
>
> Am Sonntag den, 7. Juli 2002, um 0
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
__
Caldera International, Inc. Security Advisory
Subject:UnixWare 7.1.1 Open UNIX 8.0.0 : rpc.ttdbserverd file creation
and del
I have produced an exploit, based on Thor's advisory about
the OBJECT Cross-Domain scripting attack, that allows users
to read some types of files (e.g, INI, BAT, ...) that aren't
normally readable through most vulnerabilities.
The exploit is available at:
http://www.murphy.101main.net/localread.
On Wed, 10 Jul 2002, SURUAZ wrote:
> Synopsis:
>
> The Sharp(R) Zaurus(tm) SL-5000D and SL-5500 have multiple security
> vulnerabilities in design and implementation that affect system
> security.
...
> Fixes:
>
> Vulnerability 1: Remote filesystem access
>
> Zaurus users who use ethernet or PPP
Recently, I reported on a vulnerability in the Urlcount.cgi script of
Lil'HTTP Server (Summit Computer Networks). This time, another
CGI (pbcgi.cgi) has been found vulnerable to cross-site scripting.
Some versions of this CGI will take the form input you POST/GET
to it, and break it into name/e-
Hi all,
I've received many responses about my paper on SQL Server passwords
http://www.nextgenss.com/papers/cracking-sql-passwords.pdf ] and how they
are hashed, most of those responses being along the lines of 'but only sa
can get the hashes so what is the use in knowing this?'.
Well there are
Does anyone know of a contact at Tiny Software and Sygate to which
advisories concerning their Personal Firewall products can be submitted?
Thanks,
Jonas
-BEGIN PGP SIGNED MESSAGE-
CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk
Original release date: July 10, 2002
Last revised: --
Source: CERT/CC
A complete revision history can be found at the end of this file.
Systems Affected
* Systems running C
Security Advisory
Name:SQL Server 7 & 2000 Installation process and
Service Packs write encoded passwords to a file.
System Affected :Sql Server 7 & 2000, latest
Service Packs.
Severity :High.
Author:Cesar Cerrudo.
Date:07/11/2002
Advisory Number:CC070204
Overview:
Whe
Portcullis Security Advisory
Directory Traversal Vulnerability in SunPS iRunbook 2.5.2
Vulnerability discovery and development: John Clayton, Portcullis Security
Testing Services Team Leader
Affected system: SunPS iRunbook Version 2.5.2 complied by Mike Corlett -
15:00 - 8th January 2002 runni
NGSSoftware Insight Security Research Advisory
Name: BULK INSERT Buffer Overflow
Systems Affected: Microsoft SQL Server 2000
Severity: Medium
Category: Buffer Overrun
Vendor URL: http://www.microsoft.com/
Authors: Mark Litchfield ([EMAIL PROTECTED])
Advisory URL: http://www.ngssoftware.com/ad
21 matches
Mail list logo