CCE-19735-0| Platform: ms-sql2000 | Date: (C)2013-02-19 (M)2022-10-10 |
Access to registry exended stored procedures should be configured appropriately.
Parameter:
From the SQL Server Management Studio GUI:
1. Connect/expand SQL Server
2. Expand Databases
3. Expand System databases
4. Expand Master
5. Expand Programmability
6. Expand Extended Stored Procedures
7. Expand System Extended Stored Procedures
8. Locate and select each of the Registry extended stored procedures listed in the Check section
9. Right click on the extended stored procedure
10. Select Properties
11. Click on the Permissions page
12. Select each user or role and select or deselect the Grant (and With Grant if checked) permissions from
all users, database roles and public except from SYSADMINs and authorized roles when permitted
13. Click OK
Technical Mechanism:
(1) user/role
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : | Attack Vector: |
| Exploit Score: | Attack Complexity: |
| Impact Score: | Privileges Required: |
| Severity: | User Interaction: |
| Vector: | Scope: |
| | Confidentiality: |
| | Integrity: |
| | Availability: |
| | |
References: | Resource Id | Reference |
|---|
| DISA STIG SQL 2000 INS Version 8, Release 1.7 Benchmark Date: 27 August 2010 | Rule ID: V0002473 Rule Title: Registry extended stored procedures should be restricted to sysadmin access. STIG ID: DM2119 Severity: CAT II Class: Unclass |
