SQL Server Springs Another Leak
The problem lies in the SQL Server agent, which is responsible for various functions, including running scheduled jobs and restarting the database service if it stops. By default, low privileged users can add jobs to the SQL queue and specify the name of a file to output the results of the job to.
If specifying a file name that already exists, a user can overwrite that file. If it is a new file name, the database will simply create a new file.
By carefully crafting the database query for a given job, a user can place any contents in this file, according to a bulletin released Monday by Next Generation Security Software Ltd.
And, if the SQL Server agent is running with local system privileges, the user could overwrite operating system files and render a vulnerable machine unbootable, the advisory said.
The flaw affects SQL Server 7 and 2000.
Next Generation said they alerted Microsoft to the problem in July, and that no patch has been produced to fix the problem yet.