Local SQLDebugger account created by SQL Server 2000 SP3

From: Marilee Niemi (marilee.j.niemi@SF.FRB.ORG)
Date: 04/08/03

    Date:         Tue, 8 Apr 2003 14:48:01 -0700
    From: Marilee Niemi <marilee.j.niemi@SF.FRB.ORG>
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    An archive search did not bring up this topic as having been covered so
    here goes.

    Under the theory that any local NT/Windows 2000 user account which is
    created by default as part of an application install is a potential
    threat, I would like to warn administrators about SQL Server 2000 SP3.
    Installing SQL Server 2000 SP3 creates a local account, SQLDebugger.
    The account, while only a member of the Users group, has "Password never
    expires" and "User cannot change password" checked by default. This is
    not documented in the Readme(s) nor the Fixlist. If it's there it is
    buried so deep that I never found it. I opened a case with Microsoft
    to find out what was going on and was told that SQLDebugger is created
    as part of sqldbreg2.exe. The account is used by Visual Studio and
    Query Analyzer. More information (though not much) can be found in
    Q318632.

    What I don't understand is why this is not documented better or even
    mentioned. Administrators should certainly be told of any local
    account so that they can either delete it or secure it.

    Marilee Niemi
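
One way to catch a local account that an installer creates, and to see whether it carries the "Password never expires" and "User cannot change password" settings described above, is to snapshot local accounts before and after the install and compare them. This PowerShell is an added example, not part of the original post; the function names and the sample SIDs are constructed for illustration, and it assumes PowerShell 3.0 or later on the host being audited.

```powershell
# Added example. Win32_UserAccount is the standard CIM class for user accounts;
# PasswordExpires / PasswordChangeable are its documented boolean properties.
function Get-LocalAccountSnapshot {
    # One record per local account, with the flags the post calls out.
    Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
        ForEach-Object {
            [pscustomobject]@{
                Name                     = $_.Name
                SID                      = $_.SID
                Enabled                  = -not $_.Disabled
                PasswordNeverExpires     = -not $_.PasswordExpires
                UserCannotChangePassword = -not $_.PasswordChangeable
            }
        }
}

function Compare-LocalAccountSnapshot {
    # Returns accounts present in $After but not in $Before, matched by SID.
    param(
        [Parameter(Mandatory)] [object[]]$Before,
        [Parameter(Mandatory)] [object[]]$After
    )
    $known = @($Before | ForEach-Object { $_.SID })
    $After | Where-Object { $known -notcontains $_.SID } |
        Select-Object *, @{ Name = 'StaticPassword'
            Expression = { $_.PasswordNeverExpires -and $_.UserCannotChangePassword } }
}

# Constructed sample data (not from a real host) so the comparison runs offline.
$before = @(
    [pscustomobject]@{ Name='Administrator'; SID='S-1-5-21-1-2-3-500'; Enabled=$true
                       PasswordNeverExpires=$false; UserCannotChangePassword=$false }
)
$after = $before + @(
    [pscustomobject]@{ Name='SQLDebugger'; SID='S-1-5-21-1-2-3-1005'; Enabled=$true
                       PasswordNeverExpires=$true; UserCannotChangePassword=$true }
)
Compare-LocalAccountSnapshot -Before $before -After $after | Format-List

# On a real host: $before = Get-LocalAccountSnapshot   (prior to the install)
#                 $after  = Get-LocalAccountSnapshot   (after it), then compare as above.
```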
