Users of some versions of Protegrity Inc.'s database encryption technology, Secure.Data for Microsoft Corp.'s SQL Server 2000, need to patch their systems.
The Stamford, Conn., company late last month put out a patch to cover three buffer-overflow vulnerabilities in Secure.Data's XPs (extended stored procedures)--procedures that are used to do encryption and decryption on databases. XPs are native database hooks, the code for which is written by Protegrity.
According to a CERT Coordination Center report, the vulnerability would allow nonprivileged users to gain administrative access to the database and cause a denial-of-service attack.
The article continues at