HomeDatabase News

SQL Server Named Pipe Privilege Escalation Vulnerability

DatabaseJournal.com Staff
By DatabaseJournal.com Staff

[From Secunia]

A vulnerability has been identified in SQL Server, which can be exploited by malicious, local users to escalate their privileges on a vulnerable system.

The vulnerability is caused due to a general error in the “CreateFile” API and an attack vector exists in SQL Server making it possible to gain the privileges of the SQL Server. This can be exploited by specifying the UNC name of a named pipe instead of a file as an argument to the “xp_fileexist” extended stored procedure.

The article continues at

http://www.secunia.com/advisories/9229/

DatabaseJournal.com Staff
DatabaseJournal.com Staff
Previous article
Oh Danny Boy, The DBMS_PIPES Are Calling
Next article
Saved by the APAR or How to Use IBM’s Self Help Web Support

Related Articles

Get the Free Newsletter!

Subscribe to Cloud Insider for top news, trends & analysis

Latest Articles

DatabaseJournal.com publishes relevant, up-to-date and pragmatic articles on the use of database hardware and management tools and serves as a forum for professional knowledge about proprietary, open source and cloud-based databases--foundational technology for all IT systems. We publish insightful articles about new products, best practices and trends; readers help each other out on various database questions and problems. Database management systems (DBMS) and database security processes are also key areas of focus at DatabaseJournal.com.

Advertisers

Advertise with TechnologyAdvice on Database Journal and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2024 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.