CVE-2003-0903
CVSS10.0
发布时间 :2004-02-17 00:00:00
修订时间 :2008-09-05 00:00:00
NMCOS    

[原文]Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.


[CNNVD]Microsoft MDAC函数广播应答缓冲区溢出漏洞(MS04-003)(CNNVD-200402-072)

        
        Microsoft Data Access Components (MDAC)是一套用于Windows平台上提供数据库互连的组件。
        Microsoft MDAC函数存在一个缓冲区溢出问题,远程攻击者可以利用这个漏洞进行拒绝服务攻击,或以进程权限在系统上执行任意指令。
        当网络中的客户端尝试查看运行SQL服务器的列表计算机时,它会发送广播请求到网络中的所有设备,由于漏洞存在于特定的MDAC组件中,攻击者可以以特殊构建的包应答请求而触发缓冲区溢出。
        攻击者要成功利用此漏洞,必须获得初始化广播请求程序的相同权限。因此如果初始化广播请求的程序运行在本地系统上下文,攻击者就可以获得相同的权限。
        由于用户系统上的原始MDAC版本可以从Microsoft Web Site( http://msdn.microsoft.com/library/default.asp?url=/downloads/list/dataaccess.asp )获得更新,因此建议使用如下工具判断系统上的MDAC版本:Microsoft Knowledge Base article 301202( http://support.microsoft.com/default.aspx?kbid=301202 ) "HOW TO: Check for MDAC Version"。另外Microsoft Knowledge Base article 231943( http://support.microsoft.com/default.aspx?kbid=231943 )也讨论了MDAC版本的不同之处。
        

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:data_access_components:2.8Microsoft data_access_components 2.8
cpe:/a:microsoft:data_access_components:2.6Microsoft data_access_components 2.6
cpe:/a:microsoft:data_access_components:2.5Microsoft data_access_components 2.5
cpe:/a:microsoft:data_access_components:2.7Microsoft data_access_components 2.7

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:775Microsoft Data Access Components 2.8 Broadcast Response Buffer Overflow
oval:org.mitre.oval:def:751Microsoft Data Access Components 2.7 Broadcast Response Buffer Overflow
oval:org.mitre.oval:def:553Microsoft Data Access Components 2.6 Broadcast Response Buffer Overflow
oval:org.mitre.oval:def:525Microsoft Data Access Components 2.5 Broadcast Response Buffer Overflow
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0903
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0903
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200402-072
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/139150
(UNKNOWN)  CERT-VN  VU#139150
http://www.microsoft.com/technet/security/bulletin/ms04-003.asp
(VENDOR_ADVISORY)  MS  MS04-003
http://xforce.iss.net/xforce/xfdb/14187
(UNKNOWN)  XF  mdac-broadcastrequest-bo(14187)
http://www.securityfocus.com/bid/9407
(VENDOR_ADVISORY)  BID  9407
http://www.osvdb.org/3457
(UNKNOWN)  OSVDB  3457

- 漏洞信息

Microsoft MDAC函数广播应答缓冲区溢出漏洞(MS04-003)
危急 边界条件错误
2004-02-17 00:00:00 2005-05-13 00:00:00
远程  
        
        Microsoft Data Access Components (MDAC)是一套用于Windows平台上提供数据库互连的组件。
        Microsoft MDAC函数存在一个缓冲区溢出问题,远程攻击者可以利用这个漏洞进行拒绝服务攻击,或以进程权限在系统上执行任意指令。
        当网络中的客户端尝试查看运行SQL服务器的列表计算机时,它会发送广播请求到网络中的所有设备,由于漏洞存在于特定的MDAC组件中,攻击者可以以特殊构建的包应答请求而触发缓冲区溢出。
        攻击者要成功利用此漏洞,必须获得初始化广播请求程序的相同权限。因此如果初始化广播请求的程序运行在本地系统上下文,攻击者就可以获得相同的权限。
        由于用户系统上的原始MDAC版本可以从Microsoft Web Site( http://msdn.microsoft.com/library/default.asp?url=/downloads/list/dataaccess.asp )获得更新,因此建议使用如下工具判断系统上的MDAC版本:Microsoft Knowledge Base article 301202( http://support.microsoft.com/default.aspx?kbid=301202 ) "HOW TO: Check for MDAC Version"。另外Microsoft Knowledge Base article 231943( http://support.microsoft.com/default.aspx?kbid=231943 )也讨论了MDAC版本的不同之处。
        

- 公告与补丁

        厂商补丁:
        Microsoft
        ---------
        Microsoft已经为此发布了一个安全公告(MS04-003)以及相应补丁:
        MS04-003:Buffer Overrun in MDAC Function Could Allow Code Execution (832483)
        链接:
        http://www.microsoft.com/technet/security/bulletin/MS04-003.asp

        用户可以通过安全更新获得升级程序:
        Microsoft Download Center(
        http://go.microsoft.com/fwlink/?LinkId=21129)

        客户平台的更新可以从WindowsUpdate(
        http://go.microsoft.com/fwlink/?LinkId=21130)获得。

- 漏洞信息

3457
Microsoft MDAC Broadcast Reply Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

A remote overflow exists in Microsoft Data Access Components. The program fails to validate replies to a broadcast request resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to run on a vulnerable machine resulting in a loss of confidentiality, integrity, and/or availability.

- 时间线

2004-01-13 2004-01-13
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Microsoft MDAC Function Broadcast Response Buffer Overrun Vulnerability
Boundary Condition Error 9407
Yes No
2004-01-13 12:00:00 2009-07-12 02:06:00
Announced by the vendor.

- 受影响的程序版本

Microsoft Data Access Components (MDAC) 2.8
+ Microsoft Windows 2000 Advanced Server SP4
+ Microsoft Windows 2000 Advanced Server SP4
+ Microsoft Windows 2000 Advanced Server SP4
+ Microsoft Windows 2000 Advanced Server SP3
+ Microsoft Windows 2000 Advanced Server SP3
+ Microsoft Windows 2000 Advanced Server SP3
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Datacenter Server SP4
+ Microsoft Windows 2000 Datacenter Server SP4
+ Microsoft Windows 2000 Datacenter Server SP4
+ Microsoft Windows 2000 Datacenter Server SP3
+ Microsoft Windows 2000 Datacenter Server SP3
+ Microsoft Windows 2000 Datacenter Server SP3
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Professional SP4
+ Microsoft Windows 2000 Professional SP4
+ Microsoft Windows 2000 Professional SP4
+ Microsoft Windows 2000 Professional SP3
+ Microsoft Windows 2000 Professional SP3
+ Microsoft Windows 2000 Professional SP3
+ Microsoft Windows 2000 Professional SP2
+ Microsoft Windows 2000 Professional SP2
+ Microsoft Windows 2000 Professional SP2
+ Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Server SP4
+ Microsoft Windows 2000 Server SP4
+ Microsoft Windows 2000 Server SP4
+ Microsoft Windows 2000 Server SP3
+ Microsoft Windows 2000 Server SP3
+ Microsoft Windows 2000 Server SP3
+ Microsoft Windows 2000 Server SP2
+ Microsoft Windows 2000 Server SP2
+ Microsoft Windows 2000 Server SP2
+ Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
Microsoft Data Access Components (MDAC) 2.7 SP1 Refresh
Microsoft Data Access Components (MDAC) 2.7 SP1
Microsoft Data Access Components (MDAC) 2.7 RTM Refresh
Microsoft Data Access Components (MDAC) 2.7
+ Microsoft Visual Studio .NET Academic Edition 0
+ Microsoft Visual Studio .NET Academic Edition 0
+ Microsoft Visual Studio .NET Academic Edition 0
+ Microsoft Visual Studio .NET Enterprise Architect Edition
+ Microsoft Visual Studio .NET Enterprise Architect Edition
+ Microsoft Visual Studio .NET Enterprise Architect Edition
+ Microsoft Visual Studio .NET Enterprise Developer Edition
+ Microsoft Visual Studio .NET Enterprise Developer Edition
+ Microsoft Visual Studio .NET Enterprise Developer Edition
+ Microsoft Visual Studio .NET Professional Edition
+ Microsoft Visual Studio .NET Professional Edition
+ Microsoft Visual Studio .NET Professional Edition
+ Microsoft Visual Studio .NET Trial Edition 0
+ Microsoft Visual Studio .NET Trial Edition 0
+ Microsoft Visual Studio .NET Trial Edition 0
+ Microsoft Windows XP 0
+ Microsoft Windows XP 0
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
Microsoft Data Access Components (MDAC) 2.6 SP2 Refresh
Microsoft Data Access Components (MDAC) 2.6 SP2
Microsoft Data Access Components (MDAC) 2.6 SP1
Microsoft Data Access Components (MDAC) 2.6 RTM
Microsoft Data Access Components (MDAC) 2.6
+ Microsoft SQL Server 2000 SP2
+ Microsoft SQL Server 2000 SP2
+ Microsoft SQL Server 2000 SP2
+ Microsoft SQL Server 2000 SP1
+ Microsoft SQL Server 2000 SP1
+ Microsoft SQL Server 2000 SP1
+ Microsoft SQL Server 2000
+ Microsoft SQL Server 2000
+ Microsoft SQL Server 2000
+ Microsoft SQL Server 2000 Desktop Engine
+ Microsoft SQL Server 2000 Desktop Engine
+ Microsoft SQL Server 2000 Desktop Engine
Microsoft Data Access Components (MDAC) 2.5 SP3
Microsoft Data Access Components (MDAC) 2.5 SP2
Microsoft Data Access Components (MDAC) 2.5 SP1
Microsoft Data Access Components (MDAC) 2.5 RTM
Microsoft Data Access Components (MDAC) 2.5
+ Microsoft Office 2000 SP2
+ Microsoft Office 2000 SP2
+ Microsoft Office 2000 SP2
+ Microsoft Office 2000 SP1
+ Microsoft Office 2000 SP1
+ Microsoft Office 2000 SP1
+ Microsoft SQL Server 7.0 SP3 alpha
+ Microsoft SQL Server 7.0 SP3 alpha
+ Microsoft SQL Server 7.0 SP3 alpha
+ Microsoft SQL Server 7.0 SP3
+ Microsoft SQL Server 7.0 SP3
+ Microsoft SQL Server 7.0 SP3
+ Microsoft SQL Server 7.0 SP2 alpha
+ Microsoft SQL Server 7.0 SP2 alpha
+ Microsoft SQL Server 7.0 SP2 alpha
+ Microsoft SQL Server 7.0 SP2
+ Microsoft SQL Server 7.0 SP2
+ Microsoft SQL Server 7.0 SP2
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Professional SP2
+ Microsoft Windows 2000 Professional SP2
+ Microsoft Windows 2000 Professional SP2
+ Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Server SP2
+ Microsoft Windows 2000 Server SP2
+ Microsoft Windows 2000 Server SP2
+ Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server Japanese Edition
+ Microsoft Windows 2000 Server Japanese Edition
+ Microsoft Windows 2000 Server Japanese Edition
+ Microsoft Windows 2000 Terminal Services SP2
+ Microsoft Windows 2000 Terminal Services SP2
+ Microsoft Windows 2000 Terminal Services SP2
+ Microsoft Windows 2000 Terminal Services SP1
+ Microsoft Windows 2000 Terminal Services SP1
+ Microsoft Windows 2000 Terminal Services SP1
+ Microsoft Windows 2000 Terminal Services
+ Microsoft Windows 2000 Terminal Services
+ Microsoft Windows 2000 Terminal Services

- 漏洞讨论

Microsoft has released an advisory reporting a buffer overrun vulnerability in an MDAC function. This issue is exposed when an application makes a broadcast request to query for SQL Servers on the network and malformed data is returned in the broadcast response.

Successful exploitation will allow for code execution in the context of the application using the vulnerable MDAC function. If the application is run with system-level privileges, this could completely compromise a vulnerable system. Exploitation attempts may also result in a denial of service in client applications.

Microsoft has reported that this would only result in a denial of service with MDAC 2.8.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Microsoft has released updates to address this issue.


Microsoft Data Access Components (MDAC) 2.7

Microsoft Data Access Components (MDAC) 2.7 SP1

Microsoft Data Access Components (MDAC) 2.5 SP2

Microsoft Data Access Components (MDAC) 2.6 RTM

Microsoft Data Access Components (MDAC) 2.7 SP1 Refresh

Microsoft Data Access Components (MDAC) 2.5 SP3

Microsoft Data Access Components (MDAC) 2.6 SP2

Microsoft Data Access Components (MDAC) 2.6 SP1

Microsoft Data Access Components (MDAC) 2.5 RTM

Microsoft Data Access Components (MDAC) 2.8

Microsoft Data Access Components (MDAC) 2.5 SP1

Microsoft Data Access Components (MDAC) 2.7 RTM Refresh

Microsoft Data Access Components (MDAC) 2.5

Microsoft Data Access Components (MDAC) 2.6

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站