Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-2461 | DM1758-SQLServer9 | SV-23794r1_rule | ECLP-1 | High |
Description |
---|
The xp_cmdshell extended stored procedure allows execution of host executables outside the controls of database access permissions. A malicious user who has compromised the integrity of the SQL Server database process may exploit this access to control the host operating system and carry out additional malicious activity. |
STIG | Date |
---|---|
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Check Text ( None ) |
---|
None |
Fix Text (F-19735r1_fix) |
---|
Authorize and document requirements for use of the xp_cmdshell option in the System Security Plan and AIS Functional Architecture documentation. Where not authorized, disable or restrict its use. To restrict its use, from the query prompt: `USE master; REVOKE EXECUTE ON xp_cmdshell FROM [user];` Replace 'user' with the user account name. To disable it, from the query prompt: `EXEC SP_CONFIGURE 'show advanced options', 1; RECONFIGURE; EXEC SP_CONFIGURE 'xp_cmdshell', 0; RECONFIGURE;` The first RECONFIGURE is required because xp_cmdshell is an advanced option and cannot be set until 'show advanced options' is in effect. |
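
The following verification queries are an added example, not part of the STIG text. They confirm the state the Fix Text aims for, and assume a login that can read the catalog views in master.

```sql
-- Added example (not STIG text): verify the result of the Fix Text.
USE master;

-- 1. Server option. Both columns should be 0 when xp_cmdshell is disabled.
--    configured_value: what sp_configure has stored
--    running_value:    what the instance is using (differs until RECONFIGURE runs)
SELECT name,
       CAST(value AS int)        AS configured_value,
       CAST(value_in_use AS int) AS running_value
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. Explicit permissions on xp_cmdshell in master.
--    Any GRANT row for a principal not documented in the System Security Plan
--    is a candidate for the REVOKE in the Fix Text.
--    Members of the sysadmin server role do not appear here: they can run
--    xp_cmdshell whenever the option is enabled, so review that role's
--    membership separately.
SELECT pr.name            AS grantee,
       pr.type_desc       AS grantee_type,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND pe.major_id = OBJECT_ID('sys.xp_cmdshell');
```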