RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)
From: Hall, Philip (phall@spss.com)Date: 07/11/02
- Previous message: SGI Security Coordinator: "IRIX DNS resolver vulnerability"
- Maybe in reply to: NGSSoftware Insight Security Research: "Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)"
- Next in thread: Aaron C. Newman: "RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)"
- Reply: Aaron C. Newman: "RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 11 Jul 2002 09:57:03 -0500 From: "Hall, Philip" <phall@spss.com> To: <bugtraq@securityfocus.com>, <ntbugtraq@listserv.ntbugtraq.com>, <vulnwatch@vulnwatch.org>
> To be able to use the 'BULK INSERT' query one must have the
> privileges of the database owner or dbo. Note this does not
> necessarily imply 'sa' equivalence.
In fact, you need to be a member of the sysadmin and bulkadmin fixed server roles to be able to execute BULK INSERT, both of these have to be explicitly set, if you're not user 'sa'
--phil
- Previous message: SGI Security Coordinator: "IRIX DNS resolver vulnerability"
- Maybe in reply to: NGSSoftware Insight Security Research: "Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)"
- Next in thread: Aaron C. Newman: "RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)"
- Reply: Aaron C. Newman: "RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
