MAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 25, 2002 5:01 PM
Subject: Re: Microsoft SQL Server Agent Jobs Vulnerabilities
(#NISR15002002B)
> In-Reply-To: <015601c244d2$fa6f8a30$2500a8c0@HEPHAESTUS>
>
> IMHO - This is more a human error driven featu
> In-Reply-To: <015601c244d2$fa6f8a30$2500a8c0@HEPHAESTUS>
>
> IMHO - This is more a human error driven feature than a high risk
> vulnerability.
>
> Whilst what David says is true - the assumption has been made that a login
> has access to the "msdb" database by default - this assumption is
> inc
In-Reply-To: <015601c244d2$fa6f8a30$2500a8c0@HEPHAESTUS>
IMHO - This is more a human error driven feature than a high risk
vulnerability.
Whilst what David says is true - the assumption has been made that a login
has access to the "msdb" database by default - this assumption is
incorrect
NGSSoftware Insight Security Research Advisory
Name: SQL Agent Jobs
Systems: Microsoft SQL Server 2000 and 7
Severity: High Risk
Category: Privilege Escalation
Vendor URL: http://www.microsoft.com/
Author: David Litchfield ([EMAIL PROTECTED])
Advisory URL: http://www.ngssoftware.com/advisories/ms