Penetration Testing mailing list archives
Re: [PEN-TEST] RDS exploit simulation
From: bacano <bacano () ESOTERICA PT>
Date: Tue, 31 Oct 2000 23:52:13 -0000
Actually MDAC 2.6 RTM (2.60.6526.3) and MDAC 2.6 SDK are out. The news is that MDAC version 2.6 does not include Microsoft Jet, Microsoft Jet OLE DB Provider, and the ODBC Desktop Database Drivers (http://support.microsoft.com/support/kb/articles/Q271/9/08.ASP) Installing MS SQL 2000 installs MDAC 2.6 [ ]'s bacano ----- Original Message ----- From: "rain forest puppy" <rfp () WIRETRIP NET> To: <PEN-TEST () SECURITYFOCUS COM> Sent: Tuesday, September 19, 2000 12:31 AM Subject: Re: [PEN-TEST] RDS exploit simulation
Okey dokey, this is actually a revelevant topic, since I've received a lot of email on it. I'm working on a RDS-FAQ, but in the meantime: You are vulnerable if you have MDAC 1.5 installed. MDAC 2.0 is *kinda* vulnerable, but for all intents and purposes, not via msadcs.dll. MDAC2.0 is not vulnerable.Now, keep in mind: - Installing MS SQL 7.0 installs MDAC 2.x - Installing Office 2000 installs MDAC 2.x - Installing IE 5.x installs MDAC 2.x - Installing almost any MS server product after 2000 usually installs MDAC 2.x. - Windows 2000 is not vulnerable. IIS 5.0 is not vulnerable. For the differences between MDAC 1.5, 2.0, and 2.1+, please see RFP9907: "You, your servers, RDS, and thousands of script kiddies" at http://www.wiretrip.net/rfp/p/doc.asp?id=29&iface=2 Slightly dated, as there are newer copies of MDAC (I believe 2.5 is now out), but it will discuss what is vulnerable vs. what is not. As for me, I use NT Server 4.0 regular or enterprise, install SP3, install IE 4.01 (comes on NT Option Pack 4), and then IIS 4.0. Now the newer Option Packs might be retrofitted, but the original releases had the vulnerable MDAC. Just keep in mind there are a *LOT* of applications nowadays that package updated DB components with them that may patch the vulnerability when installed. You can always look at the version of the msjet.dll in winnt directory...any 4.x is not vulnerable. The jetcopkg installs 3.5X (don't remember the value), MDAC 2.0 installs 3.52, and MDAC 1.5 installs 3.50. The 3.x line (apart from the patched jetcopkg.exe) is vulnerable. - rfp
Current thread:
- Re: [PEN-TEST] RDS exploit simulation rain forest puppy (Nov 01)
- Re: [PEN-TEST] RDS exploit simulation bacano (Nov 01)