Re: Microsoft SQL Server password cracking

• Previous message: Ben Hutchings: "Re: Microsoft SQL Server password cracking"
• Maybe in reply to: Barry Dorrans: "Microsoft SQL Server password cracking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date:         Wed, 10 Jul 2002 13:46:14 -0700
From: "Deus, Attonbitus" <Thor@HAMMEROFGOD.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 01:22 PM 7/10/2002, Ben Hutchings wrote:

>You have misunderstood what the paper says.

Indeed I did- grossly...

>The patch is for the server
>executable (or the in-memory image); SQL Server may have poor security but
>it doesn't rely on client-side authentication! So it would be a useful
>payload for a buffer overflow exploit, but it does not in itself represent
>a vulnerability.

Thank you for pointing that out- even after an email exchange between
myself and the author, I still did not get that... I thought that was the
reason for the paper- now seeing that it requires some other means of
patching on the server mitigates most, if not all, of my concerns in the
matter. I actually feel a bit foolish now in thinking what I though ;)

Here's to being obtuse: Cheers!

AD

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPSydFohsmyD15h5gEQKcEgCg0ARr+cVL2uWXavdqSZqE78FLQfkAn3KO
t3ZmLcPVgwZGum5Jkve7jG6G
=fxmE
-----END PGP SIGNATURE-----

• Previous message: Ben Hutchings: "Re: Microsoft SQL Server password cracking"
• Maybe in reply to: Barry Dorrans: "Microsoft SQL Server password cracking"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: 5.3-RELEASE: WARNING - WRITE_DMA interrupt timout ... My problem is not related to a SATA controller. ... Everything works pretty well on this server. ... the qmail MTA, an otherwise pretty powerful email program. ... I'm going to apply a patch to qmail in a few days. ... (freebsd-current) Re: KB917537 Failing ... four days after the patch released. ... mature server OS, an enterprise-class messaging system, and automated ... if you hit the "Restart" button ... here as I had assumed this would be a common problem.. ... (microsoft.public.windows.server.sbs) Re: FOLLOW UP : Forms Authentication Randomly Times Out (Windows 2003) ... Well there goes my theory on the patch. ... "Joe Audette" wrote in message ... > It doesn't look like we have that patch on our server. ... > had to scrap the automatic re-direction to login from the ... (microsoft.public.dotnet.framework.aspnet.security) Re: April Security Patches and SQL Server ... to track down your problems with the patch. ... > find my original post of 4/22. ... > on Win2k Server sp4). ... > these patches to the server. ... (microsoft.public.sqlserver.server) Re: Firewall für Web Edition 2003 ... Natürlich ist das nicht die einzige Massnahme, ... Patch Management-Konzept ist definitiv notwendig, ... >> geht es ausschliesslich um den Betrieb als Server. ... > Die Anfrage klang aber nicht nach: Wie installier ich ISA auf Windows ... (microsoft.public.de.german.windows.server.networking)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint