SQL Server 2000 Vulnerabilities
- From: opokad06 <opokad06@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 22 Aug 2008 10:25:01 -0700
A scan was performed on our Database Servers by AppSec Inc. One vulnerability
is: Permissions to execute the registry extended stored procedures have been
granted to a user or group. The user in question is Public; their
recommendation is to revoke execute on xp_regread from public.
I am yet to find any documentation on the web that supports their claim.
Both MSSQL Service and MSSQL Agent run under domain names with least
privileges.
Any suggestions will be greatly appreciated.
Thank you.
KPoku
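
Added example, not part of the original post: a T-SQL check for the scanner finding described above, listing which registry extended stored procedures in master have EXECUTE granted and to whom, followed by the revoke the scanner recommends. It assumes SQL Server 2000 system tables (sysobjects, sysprotects) and a sysadmin connection; the name patterns used to select the registry procedures are an assumption.

```sql
-- Added example: audit EXECUTE grants on registry extended procedures.
USE master
GO

-- 1. Who can execute the registry extended stored procedures?
--    sysobjects.xtype = 'X'      -> extended stored procedure
--    sysprotects.action = 224    -> EXECUTE
--    sysprotects.protecttype 204 -> GRANT WITH GRANT OPTION, 205 -> GRANT
SELECT o.name           AS procedure_name,
       USER_NAME(p.uid) AS grantee,
       CASE p.protecttype
            WHEN 204 THEN 'GRANT WITH GRANT OPTION'
            WHEN 205 THEN 'GRANT'
       END              AS grant_type
FROM   sysobjects  o
JOIN   sysprotects p ON p.id = o.id
WHERE  o.xtype = 'X'
  AND (o.name LIKE 'xp[_]reg%'                  -- assumed name pattern
       OR o.name LIKE 'xp[_]instance[_]reg%')   -- assumed name pattern
  AND  p.action = 224
  AND  p.protecttype IN (204, 205)
ORDER BY o.name, grantee
GO

-- 2. Same information for the one procedure named in the finding.
--    sp_helprotect raises error 15330 if no matching permission rows exist.
EXEC sp_helprotect 'xp_regread', 'public'
GO

-- 3. Remove the grant the scanner flagged.
REVOKE EXECUTE ON xp_regread FROM public
GO

-- 4. Re-run query 1: xp_regread should no longer list public as grantee.
--    A non-sysadmin login calling the procedure should now receive
--    error 229 (EXECUTE permission denied). Members of sysadmin are
--    not affected by the revoke.
```

Before revoking in production, check whether any application logins that are not sysadmin call xp_regread, since they will start failing with error 229.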