DB: MS-SQL SP_START_JOB Program Execution

This signature detects attempts to use the sp_start_job command on a Microsoft SQL Server 2000 database. A successful attack can allow the attackers to execute arbitrary code.

Extended Description

Microsoft SQL Server 2000 uses an Agent which is responsible for restarting the SQL Server service, replication, and running scheduled jobs. Some of the jobs that the Agent executes have weak permissions, which could allow a user with low permissions to perform actions on the database in the context of the SQL Server Service Account when used in conjunction with the Microsoft SQL Server Extended Stored Procedure Privilege Elevation Vulnerability (BID 5481).

Affected Products

Microsoft sql_server

References

BugTraq: 5483

CVE: CVE-2002-1138

URL: http://www.xatrix.org/article.php?s=1851 http://www.microsoft.com/technet/security/bulletin/ms02-056.mspx http://www.microsoft.com/technet/security/bulletin/ms02-043.mspx

Short Name

DB:MS-SQL:2000-SP_START_JOB

Severity

Major

Recommended

False

Recommended Action

None

DB: MS-SQL SP_START_JOB Program Execution

Extended Description

Affected Products

References

Found a potential security threat?