An attacker holding any valid login to Microsoft SQL Server 7.0 or 2000 can delete, update or insert the web tasks created by other users.
This allows an attacker to have tasks executed with the privileges of the SQL Server Agent service account. That account is usually an ordinary domain user, but on some installations the Agent has been configured to run as LocalSystem, in which case the escalation is to full system privileges.
The root cause is a permissions problem: the extended stored procedure xp_runwebtask can be executed by the PUBLIC role, and the table msdb.dbo.mswebtasks is set so that PUBLIC may SELECT, INSERT, UPDATE and DELETE on it. Any login can therefore insert or modify a task record and then trigger it with xp_runwebtask, and the task runs in the security context of the SQL Server Agent rather than that of the login that created it.
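The following T-SQL, added here as an example and not part of the original advisory, audits the two permissions the advisory describes and then revokes them from PUBLIC. It assumes the SQL Server 7.0/2000 system catalog (sysprotects, sysobjects, the sp_helprotect procedure) and that xp_runwebtask lives in master while mswebtasks lives in msdb; the protection-type and action codes are the documented values for that era of SQL Server and are noted in the comments. Run it as a sysadmin.

```sql
-- Step 1: show what PUBLIC can currently do with the web-task table.
-- In the SQL 7.0/2000 catalog, sysprotects rows with protecttype 204/205
-- are GRANTs (205 = plain GRANT, 204 = GRANT WITH GRANT OPTION), 206 = DENY.
-- action codes: 193 SELECT, 195 INSERT, 196 DELETE, 197 UPDATE, 224 EXECUTE.
USE msdb;
SELECT o.name                          AS object_name,
       USER_NAME(p.uid)                AS grantee,
       CASE p.action
            WHEN 193 THEN 'SELECT'
            WHEN 195 THEN 'INSERT'
            WHEN 196 THEN 'DELETE'
            WHEN 197 THEN 'UPDATE'
            WHEN 224 THEN 'EXECUTE'
            ELSE CONVERT(varchar, p.action)
       END                             AS permission,
       CASE p.protecttype
            WHEN 204 THEN 'GRANT WITH GRANT OPTION'
            WHEN 205 THEN 'GRANT'
            WHEN 206 THEN 'DENY'
       END                             AS protect_type
FROM   dbo.sysprotects p
       JOIN dbo.sysobjects o ON o.id = p.id
WHERE  o.name = 'mswebtasks'
  AND  USER_NAME(p.uid) = 'public';
-- A vulnerable server lists four GRANT rows here (SELECT, INSERT, UPDATE,
-- DELETE for public). A hardened server returns no rows.

-- Step 2: the same check for the extended procedure, which lives in master.
-- sp_helprotect reports every grantee; look for 'public' with Execute.
USE master;
EXEC dbo.sp_helprotect @name = 'xp_runwebtask';

-- Step 3: remove the PUBLIC grants the advisory identifies.
-- Web Assistant itself runs as the owner of the task, so only the
-- accounts that legitimately create web tasks need these rights.
USE msdb;
REVOKE SELECT, INSERT, UPDATE, DELETE ON dbo.mswebtasks FROM public;

USE master;
REVOKE EXECUTE ON dbo.xp_runwebtask FROM public;

-- Step 4 (optional): re-grant execute only to a dedicated role.
-- 'WebTaskOperators' is a hypothetical role name used for illustration.
IF NOT EXISTS (SELECT 1 FROM dbo.sysusers WHERE name = 'WebTaskOperators')
    EXEC dbo.sp_addrole @rolename = 'WebTaskOperators';
GRANT EXECUTE ON dbo.xp_runwebtask TO WebTaskOperators;
```

After step 3, re-run the step 1 query and sp_helprotect: both should show no remaining entries for public. Note that revoking the table rights alone is not sufficient, because a login that can still execute xp_runwebtask could run tasks that another user with table access has tampered with; both revocations are needed. Since the Agent account runs whatever the task record describes, also verify that SQL Server Agent is not running as LocalSystem, as the advisory notes some installations do.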
Subject: Microsoft SQL allows privilege escalation