[dbsec] New Database Security Brief

• From: "David Litchfield" <davidl@xxxxxxxxxxxxxxx>
• To: <dbsec@xxxxxxxxxxxxx>
• Date: Fri, 18 Nov 2005 14:25:41 -0000

I've just put up a Database Security Brief; the first of many to come.

http://www.databasesecurity.com/dbsec-briefs.htm

It's called a brief because there's enough meat to make it interesting but
not enough to make it a paper ;)

This brief, Snagging Security Tokens to Elevate Privileges, details how a
database server running as a low privileged user on Windows can still
provide an attacker with the ability to gain elevated privileges on the
network and suggests a change it security policy to mitigate the risk. As a
side note, this affects all network servers that offer OS based
authentication - not just database servers.

Cheers,
David

• Follow-Ups:
  • [dbsec] Re: New Database Security Brief
    • From: David Litchfield

Other related posts:

• » [dbsec] New Database Security Brief
• » [dbsec] Re: New Database Security Brief

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription