Microsoft SQL Server OLE DB Provider Name Buffer Overflow Vulnerability

Translated by: 晓澜 <http://www.unsecret.org>
   QQ: 42449970
---------------------------------------------

Author: c <cesarc56@yahoo.com>
Published: 2002-2-19
Uploaded: 2002-2-24
Source: http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=credit&id=4135


Remote vulnerability

Affected systems
Microsoft SQL Server 7.0SP3 alpha
Microsoft SQL Server 7.0SP3
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0SP2 alpha
Microsoft SQL Server 7.0SP2
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0SP1 alpha
Microsoft SQL Server 7.0SP1
- Microsoft SQL Server 7.0
Microsoft SQL Server 7.0alpha
Microsoft SQL Server 7.0
- Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP1
- Microsoft Windows NT 4.0SP2
- Microsoft Windows NT 4.0SP3
- Microsoft Windows NT 4.0SP4
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft SQL Server 2000 SP2
Microsoft SQL Server 2000 SP1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a
Microsoft SQL Server 2000
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0SP5
- Microsoft Windows NT 4.0SP6
- Microsoft Windows NT 4.0SP6a


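Microsoft SQL Server does not properly check the input passed to the OpenDataSource and OpenRowset
functions. Submitting a very long provider name may cause a buffer overflow.

A successful overflow may allow an attacker to execute arbitrary commands with the privileges of the database.

This vulnerability can also be exploited remotely.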
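
As an added example (not part of the original advisory and not Microsoft's code), the following Python code scans logged T-SQL statements for OpenRowset/OpenDataSource calls whose provider name literal is unusually long. The 64-character limit, the function names and the sample statements are assumptions constructed for illustration; the advisory gives no length.

```python
import re

# Assumption: legitimate OLE DB provider names (e.g. 'SQLOLEDB',
# 'Microsoft.Jet.OLEDB.4.0') are short. The cut-off is illustrative;
# the advisory does not state a length.
MAX_PROVIDER_LEN = 64

# OPENROWSET( / OPENDATASOURCE( followed by the first argument as a
# single-quoted T-SQL string literal ('' is an escaped quote).
CALL_RE = re.compile(
    r"\b(OPENROWSET|OPENDATASOURCE)\s*\(\s*N?'((?:[^']|'')*)'",
    re.IGNORECASE,
)

def find_long_provider_names(statement, max_len=MAX_PROVIDER_LEN):
    """Return (function, provider_length) for each call in the statement
    whose provider name is longer than max_len."""
    hits = []
    for m in CALL_RE.finditer(statement):
        provider = m.group(2).replace("''", "'")  # undo quote escaping
        if len(provider) > max_len:
            hits.append((m.group(1).upper(), len(provider)))
    return hits

def scan_log(lines, max_len=MAX_PROVIDER_LEN):
    """Return [(line_number, function, provider_length), ...]."""
    findings = []
    for n, line in enumerate(lines, 1):
        for func, length in find_long_provider_names(line, max_len):
            findings.append((n, func, length))
    return findings

# Constructed sample statements (not taken from the advisory).
SAMPLE_LOG = [
    "SELECT * FROM OPENROWSET('SQLOLEDB', 'srv';'user';'pw', 'SELECT 1')",
    "SELECT * FROM OpenDataSource('Microsoft.Jet.OLEDB.4.0', 'Data Source=c:\\x.mdb')...t",
    "select * from openrowset ( '" + "P" * 300 + "', '', '' )",
    "SELECT * FROM OPENDATASOURCE(N'" + "Q" * 65 + "', '').a.b.c",
    "SELECT 'OPENROWSET is mentioned only in this string'",
]

if __name__ == "__main__":
    for line_no, func, length in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {func} provider name is {length} chars")
```

A statement assembled dynamically on the server (for example a concatenated string passed to EXEC) does not contain the literal in this form, so this check complements the patches rather than replacing them.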

Solution:

Microsoft has released patches for this issue.

Microsoft SQL Server 2000 SP2:

Microsoft Patch Q316333
http://support.microsoft.com/default.aspx?scid=http://download.microsoft.com/download/SQLSVR2000/Update/8.00.0578/W982KMeXP/EN-US/8.00.0578.exe

Microsoft SQL Server 2000 SP1:
Microsoft SQL Server 2000:
Microsoft SQL Server 7.0SP3 alpha:

Microsoft Patch Q318268
http://support.microsoft.com/default.aspx?scid=http://download.microsoft.com/download/sql70/Update/s71021a/ALPHA/EN-US/s71021a.exe

Microsoft SQL Server 7.0SP3:

Microsoft Patch Q318268
http://support.microsoft.com/default.aspx?scid=http://download.microsoft.com/download/sql70/Update/s71021i/WIN98MeXP/EN-US/s71021i.exe

Microsoft SQL Server 7.0SP2 alpha:
Microsoft SQL Server 7.0SP2:
Microsoft SQL Server 7.0SP1 alpha:
Microsoft SQL Server 7.0SP1:
Microsoft SQL Server 7.0alpha:
Microsoft SQL Server 7.0: