Database Servers on Windows XP - Unintended Consequences of Simple File Sharing
19 Dec. 2005
This paper presents some unexpected consequences of running database servers on Windows XP with Simple File Sharing enabled. In the real world, this kind of setup would typically be a developer's system and as it turns out, in some cases depending on the database software, you might not just be sharing your files but exposing both database services and data. In one case an attacker can easily gain DBA access to the database if Simple File Sharing is enabled. We'll examine the commercial databases, namely, Oracle, SQL Server, DB2, Sybase and Informix and see which are exposed, to what level and why.
What is Simple File Sharing?
Before Windows XP, to gain access to a shared file on a Windows NT or 2000 box, you needed to have a valid user ID and password - that is assuming you weren't exploiting some other means to get access. This made it difficult for people out there that wanted to share files out to the general public, so with Windows XP, Microsoft introduced Simple File Sharing. With Simple File Sharing all access is granted via the guest account. In this way, if a user is sharing music or pictures from their XP system at home, they don't have to give out a user ID and password to everyone - people wanting access are simple given access through the guest account.
For those that want to share files but not with the world and their dog, these people could just use the classic way of sharing files. By far and above the most popular way of sharing files on Windows XP is with Simple File Sharing. As we'll see shortly, this has a significant impact on the security of a computer if a database server has been installed. But before exploring this let's look at the differences between simple and normal file sharing.