RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)

From: Hall, Philip (phall@spss.com)
Date: 07/11/02


Date: Thu, 11 Jul 2002 09:57:03 -0500
From: "Hall, Philip" <phall@spss.com>
To: <bugtraq@securityfocus.com>, <ntbugtraq@listserv.ntbugtraq.com>, <vulnwatch@vulnwatch.org>


> To be able to use the 'BULK INSERT' query one must have the
> privileges of the database owner or dbo. Note this does not
> necessarily imply 'sa' equivalence.

In fact, you need to be a member of the sysadmin and bulkadmin fixed server roles to be able to execute BULK INSERT, both of these have to be explicitly set, if you're not user 'sa'

--phil