| VID |
21213 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The vulnerable CGI /msadc/msadcs.dll is detected.
Microsoft Data Access Components (MDAC) is a collection of utilities and routines to process requests between databases and network applications, which provides the functionality for a number of database operations. It is included by default as part of Windows XP, Windows 2000, and Windows Millennium and available for download as a stand-alone technology in its own right. One of the MDAC components, known as Remote Data Services (RDS), provides functionality that a client's requests for service from a back-end database are intermediated through a web site.
If this CGI files exists, your system is vulnerable to two vulnerabilities such as the follow :
First, there is one vulnerability in the DataFactory object of RDS. It could allow an attacker to send a SQL query to OLE database data sources using a web browser and to knows the correct IP address, SQL account and password, and database name. This vulnerability is compounded by the fact that many SQL databases contain a default administrator username ("sa") with a null password. In addition, under some configurations this vulnerability could allow an attacker to execute shell commands or access files on the IIS server as a privileged user.
* Platforms Affected:
Microsoft Data Access Components (MDAC) 1.5
Microsoft Data Access Components (MDAC) 2.0
Microsoft Data Access Components (MDAC) 2.1 Upgrade
Microsoft Data Access Components (MDAC) 2.1 Clean
Microsoft Internet Explorer 3.0
Microsoft Internet Explorer 4.0
Second, there is one vulnerability in a function called the RDS Data Stub, whose purpose it is to parse incoming HTTP requests and generate RDS commands. By sending a specially malformed HTTP request to the Data Stub, remote attackers cause data of them choice to overrun onto the heap. This vulnerability affects both web servers and web clients. For web server, an attacker would need to establish a connection with the server and then send a specially malformed HTTP request to it, that would have the effect of overrunning the buffer with the attacker's chosen data. For web clients, they are at risk in almost every case, as the RDS Data Stub is included with all current versions of Internet Explorer and there is no option to disable it. An attacker would need to host a web page that, when opened, would send an HTTP reply to the user's system and overrun the buffer with the attacker's chosen data. The web page could be hosted on a web site or sent directly to users as an HTML Mail. This vulnerability don't affect Windows XP, or who have installed MDAC 2.7 on their systems.
* References:
http://online.securityfocus.com/bid/6214
* Platforms Affected:
Microsoft Data Access Components (MDAC) 2.1
Microsoft Data Access Components (MDAC) 2.5
Microsoft Data Access Components (MDAC) 2.6
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
* Note : This check item might be a "False Positive" , since it checks the presence of msadcs.dll file. |
| Recommendation |
Delete the /msadc virtual directory from the default Web site, if RDS functionality is not needed.
-- OR --
Remove all sample pages of RDS from the system. That is, delete the [system drive]:\Program Files\Commcon Files\System\msadc\samples directory.
-- OR --
Install the patch(Security Hotfix for Q329414)
1. Open the web page http://download.cnet.com/Microsoft-Data-Access-Components-Security-Hotfix-for-Q329414/3000-2070_4-10736930.html
2. Click <Download Now>
3. Download to your computer and Click it.
4. Reboot after installing the patch for web server.
-- OR --
Upgrade to the latest version of MDAC since MDAC 2.7 is not affected by this vulnerability from the web site at http://microsoft-data-access-components-mdac.en.softonic.com/ |
| Related URL |
CVE-1999-1011,CVE-2002-1142 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
