Protegrity Patches Database Security App

By Lisa Vaas  |  Posted 2003-03-24 Print this article Print

Users of some versions of Protegrity Inc.'s database encryption technology, Secure.Data for Microsoft Corp.'s SQL Server 2000, need to patch their systems.

Users of some versions of Protegrity Inc.s database encryption technology, Secure.Data for Microsoft Corp.s SQL Server 2000, need to patch their systems.

The Stamford, Conn., company late last month put out a patch to cover three buffer-overflow vulnerabilities in Secure.Datas XPs (extended stored procedures)—procedures that are used to do encryption and decryption on databases. XPs are native database hooks, the code for which is written by Protegrity.

According to a CERT Coordination Center report, the vulnerability would allow nonprivileged users to gain administrative access to the database and cause a denial-of-service attack.

Protegrity has tested not only the reported vulnerabilities in releases 2.2.2 and 2.2.3 of Secure.Data but also all code, officials said. All current customers have been informed about the vulnerability. Officials said that no customers have reported security breaks.

In light of vulnerabilities found recently in other security software, such as those in the Snort open-source network intrusion detection system and the Sendmail Mail Transfer Agent, analyst Pete Lindstrom, of Spire Security LLC, was not surprised by the Protegrity news. However, flaws in software such as Protegritys could be harrowing, he said.

"Its potentially more significant, depending on the nature of the attack and the type of product," said Lindstrom, in Malvern, Pa. "Protegrity has a key-management system. If someone can gain access to keys, it would be of more concern than if it were a firewall or an intrusion detection system, relatively speaking."

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel