Carabas GURU
Joined: 28 Sep 2000 Posts: 434 Location: USA
Posted: Thu Aug 21, 2003 2:56 am
MDAC Vulnerability
I figure since many of you have MDAC installed, this is worth mentioning.
quote:
Title: Unchecked Buffer in MDAC Function Could Enable System
Compromise (823718)
Date: 20 August 2003
Software:
- Microsoft Data Access Components 2.5
- Microsoft Data Access Components 2.6
- Microsoft Data Access Components 2.7
Impact: Run code of the attacker's choice
Max Risk: Important
Bulletin: MS03-033
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/security/bulletin/MS03-033.asp
http://www.microsoft.com/security/security_bulletins/ms03-033.asp
...
An attacker who successfully exploited this flaw could gain the
same level of privileges over the system as the application that
initiated the broadcast request. The actions an attacker could
carry out would be dependent on the permissions which the
application using MDAC ran under. If the application ran with
limited privileges, an attacker would be limited accordingly;
however, if the application runs under the local system context,
the attacker would have the same level of permissions. This could
include creating, modifying, or deleting data on the system, or
reconfiguring the system. This could also include reformatting
the hard disk or running programs of the attacker's choice.
Yet another buffer overflow bug. What would we ever do without Microsoft keeping us on our toes?
Rainchild Wizard
Joined: 10 Oct 2000 Posts: 1551 Location: Australia
Posted: Fri Aug 22, 2003 12:11 am
Yeah I saw that and went 'tops'.
You know, I dunno what goes through the minds of Microsoft, a web page can eject my CD-ROM drive, crash my computer, infect me with a virus... when will they learn to secure up their script languages??
Darker GURU
Joined: 24 Sep 2000 Posts: 1237 Location: USA
Posted: Fri Aug 22, 2003 2:39 pm
It's not so much their script languages as their compiled languages (er, compiled products). The components that have been at fault lately are compiled code (MDAC, DCOM, etc.).
PS, the MDAC flaw mentioned above has this mitigating factor: The malicious response to the MDAC 'Hey, what SQL Servers are available on my network?' request that could contain the buffer overrun must be on the same subnet you're on. That eliminates it as a cause for lost sleep for most people.
Zugg MASTER
Joined: 25 Sep 2000 Posts: 23379 Location: Colorado, USA
Posted: Sat Aug 23, 2003 1:09 am
It's easy to beat them up (and I've been cursing them plenty over the past couple of days). But, it's also just a side-effect of success and having a large user base. Over history, the most-used operating systems and software have always been the ones attacked. I remember my job many years ago as a unix admin when it seemed I was dealing with sendmail holes on a daily basis.
Now that Windows has the most users it is the biggest target for hackers. I'm sure that plenty of other software and systems have holes, but there just isn't as much attention given to them.
I sometimes have nightmares about people using exploits in zMUD scripting. As soon as you tie to stuff like COM, or allow file access, there are all sorts of possibilities. Remember the MSP command people could send that would crash the computer of anyone using zMUD? And *I* really do try to be careful in my design. So, nobody is really immune.
That's just what you get when you allow anonymous access of the Internet. People will do amazing stuff when they think it can't be traced back to them.
sp000n Novice
Joined: 04 Jul 2001 Posts: 32
Posted: Wed Aug 27, 2003 6:58 am
True statements, Zugg. For years, I ran an anonymous FTP site with full access to my computer just so I could access my homework and game files from anywhere (back when zMUD was that easy to DL and install ;). It was never attacked.
Obscurity = Security.
Well, at least until these worms started going mainstream. It seems they now do the legwork of finding our obscure servers and bringing their weaknesses into focus.
Zugg MASTER
Joined: 25 Sep 2000 Posts: 23379 Location: Colorado, USA
Posted: Wed Aug 27, 2003 6:11 pm
Heh, last year I opened up the anonymous FTP on zuggsoft.com for 4 hours in order to allow a customer to upload one of their map files they were having trouble with. At the end of the 4 hours our server crashed because it was out of disk space. In just that short time, some polling program discovered the writeable anonymous FTP and uploaded 2GB of cracked software, porn, etc, using obscure and illegal characters in the directory names so that I couldn't delete the files from either Windows NOR FROM DOS! I had to find a freeware utility that was written to get rid of this stuff using low level file system calls. Took me the rest of the day to clean that up.
It's a scary world out there!
Rainchild Wizard
Joined: 10 Oct 2000 Posts: 1551 Location: Australia
Posted: Thu Aug 28, 2003 2:00 am
haha sweet, free porn and warez, what more could someone ask for? *cough cough* I mean, that's terrible Zugg! What's the world coming to??
Moral of the story is you allow write access but don't allow downloads from the uploads directory :)
Or you don't let anonymous upload :)
john_taylor_jr Wanderer
Joined: 17 Jan 2003 Posts: 57 Location: USA
Posted: Wed Nov 12, 2003 1:07 am
Well, it's a slippery peak. On one slope we have OS's that can bend and flex for total ease of use on both the programmer's side and the user's side but are unsecure. On the other hand we can have OS's that don't do much of anything but are as secure as Fort Knox. It's all about balance. You drive 160 miles an hour, you're dead when you hit the tiniest puddle. Drive an armoured car and you're getting nowhere fast. Windows is the Buick of OS's, perfect to haul around the family with enough oomph to get you where you're going.