• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 909
  • Last Modified:

Unable to drop an extended stored procedure in MS SQL 2005

I read about a security vulnerability with MS SQL and I wanted to ensure that I close it up. The vulnerability apparently relates to the extended stored procedure "sp_replwritetovarbin" and it is recommended that the procedure be deleted. No one here is using it for anything that I'm aware of, so I tried to do that with no success.

I first tried to do it from query analyzer by setting the current database to master and trying to execute:

DROP PROCEDURE sp_replwritetovarbin;

This does not work and gives me the error message:
Server: Msg 3701, Level 11, State 5, Line 1
Cannot drop the procedure 'sp_replwritetovarbin', because it does not exist or you do not have permission.

Next I tried:

EXEC dbo.sp_dropextendedproc 'sp_replwritetovarbin';

I get the same error message, however. So finally, I tried to do it through the SQL Management Studio on the database server. In the Object Explorer, I went to SERVER | Databases | System Databases | master | Programmability | Extended Stored Procedures | System Extended Stored Procedures. From this node, I right-clicked on sys.sp_replwritetovarbin and selected Delete. The "Delete Object" window appears, I click OK, and it gives me that same error message saying the procedure doesn't exist or I don't have permissions.

The problem I see with this is that I am doing all of this using the "sa" account, so I should be able to do anything right?
0
elorc
Asked:
elorc
  • 2
1 Solution
 
Anthony PerkinsCommented:
See here:
Microsoft Security Advisory: Vulnerability in SQL Server could allow remote code execution
http://support.microsoft.com/kb/961040

Or just update SQL Server.
0
 
Anthony PerkinsCommented:
All you have to do is deny EXECUTE permissions on it as in:
DENY EXECUTE On sp_replwritetovarbin TO PUBLIC

Or again simply fix it.
0
 
elorcAuthor Commented:
Sweet. I'll review the link you provided. Thanks!
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now