3.5 Ensure updates to system tables are not permitted

Information

Sybase ASE can protect system tables from direct or accidental alteration through SQL
queries via the allow updates to system tables configuration parameter.

This setting is enabled by default. It is recommended that this setting is re-enabled if it has
been disabled.

Rationale:

An attacker with sufficient privilege can re-enable direct updates to system tables, but this
configuration setting should protect against accidental alterations and will aid the audit
trail.

Solution

1. Connect to the ASE server as a user with the sso_role and execute the following
SQL statement:

exec sp_configure 'allow updates to system tables', 0

See Also

https://workbench.cisecurity.org/files/1612