Hi
I downloaded MBSA and ran it against my SQL 2005 Server. It tells me that I have a severe risk because
'The following databases have public access.Remove the public access if it is not required - tempdb , model , msdb , ReportServer , ReportServerTempDB'
I have checked these databases and each have the Guest User but it is disabled. If I check the database properties the public role has no permissions against the listed databases.
Is this a bug with MBSA? If not how do I remove Public Access?
Hi Ewan, are you using a Xp_cmdshell enabled?
|||Hi Emanuel
I an not sure what you mean. I have installed the product MBSA on a PC running VISTA business and am scanning the SQL server from this PC. The server operating system is Windows Server 2003 R2
Regards
|||Hi Emanuel
I have now looked it up and xp_cmdshell is not enabled
Regards
|||The MBSA given't u more details about this vulnerability message?
|||Hi Emanuel
No MBSA gives no further information on this message
|||Ewan, has your sql server a valid internet ip address or any other network vulnerability?
|||I mean, does your sql server is exposed on internet?|||Hi Emanuel
Only via Reporting Services
|||I'm suggest you investigate any vulnerability on SSRS like a public access on web service.
see the link below, there is a cool tool to do a verification on any possible network vulnerability.
http://www.gfi.com/lannetscan/?adv=40&loc=3&adclickid=14102298
No comments:
Post a Comment