Extended stored procedure xp_cmdshell should be restricted to authorized accounts.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2461 | DM1758-SQLServer9 | SV-23794r1_rule | ECLP-1 | High |
| Description |
|---|
| The xp_cmdshell extended stored procedure allows execution of host executables outside the controls of database access permissions. This access may be exploited by malicious users who have compromised the integrity of the SQL Server database process to control the host operating system to perpetrate additional malicious activity. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-19735r1_fix) |
|---|
| Authorize and document requirements for use of the xp_cmdshell option in the System Security Plan and AIS Functional Architecture documentation. Where not authorized, disable or restrict its use. From the query prompt: USE master REVOKE EXECUTE ON xp_cmdshell FROM [user] Replace 'user' with the user account name. From the query prompt: EXEC SP_CONFIGURE 'show advanced options', 1 EXEC SP_CONFIGURE 'xp_cmdshell', 0 RECONFIGURE |