Protegrity Patches Database Security Software

 
 
By Lisa Vaas  |  Posted 2003-03-13 Print this article Print
 
 
 
 
 
 
 

The company plugged three buffer overflow vulnerabilities in its Secure.Data encryption technology for SQL Server 2000.

Users of some versions of Protegrity Inc.s datbabase encryption technology, Secure.Data for Microsoft SQL Server 2000, need to patch their systems. The Stamford, Conn., company late last month put out a patch to cover three buffer-overflow vulnerabilities in Secure.Datas XPs (extended stored procedures)—procedures that are used to do encryption and decryption on databases. XPs are native database hooks, the code for which is written by Protegrity. Since being informed of the vulnerabilities, the company has tested not only the reported vulnerabilities but also all code, to "make sure this was no longer a problem," according to Tom McGough, senior product manager at Protegrity, in Stamford, Conn.
According to a CERT report, the vulnerability would allow non-privileged users to gain administrative access to the database and cause a denial-of-service attack.
Releases 2.2.2 and 2.2.3 of Secure.Data are affected. According to McGough, all existing customers have been informed about the vulnerability by the companys Global Support Team, which sent out the patch and installation instructions. Customers who purchase the product after Feb. 21 will not be affected, as the patch has already been included in a new service release, Secure.Data 2.2.3.1 for SQL Server 2000. No Protegrity customers have reported security breaks, according to McGough. To find out if the patch should be installed, customers should check that the version number of the existing protegrity.dll is less than 2.2.3.9. In a default installation, the .dll file is found in C:\Program Files\Protegrity\Secure.Data Server\Cartridge\Lib. To check version number, right-click on the file and choose Properties. Click on the version tab. If the last digit of the version number is less than 9, the patch must be installed. The patch includes a new protegrity.dll file that fixes the buffer overflow vulnerability in the extended store procedures xp_pty_checkusers, xp_pty_insert and xp_pty_select. Latest Security News:
Search for more stories by Lisa Vaas.
 
 
 
 
Lisa Vaas is News Editor/Operations for eWEEK.com and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on eWEEK.com, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel