Penetration Testing: Re: [PEN-TEST] RDS exploit simulation

Re: [PEN-TEST] RDS exploit simulation

From: bacano <bacano_at_ESOTERICA.PT>
Date: Tue, 31 Oct 2000 23:52:13 -0000

Actually MDAC 2.6 RTM (2.60.6526.3) and MDAC 2.6 SDK are out. The news is
that MDAC version 2.6 does not include Microsoft Jet, Microsoft Jet OLE DB
Provider, and the ODBC Desktop Database Drivers
(http://support.microsoft.com/support/kb/articles/Q271/9/08.ASP).

Installing MS SQL 2000 installs MDAC 2.6.

[ ]'s bacano

----- Original Message -----
From: "rain forest puppy" <rfp_at_WIRETRIP.NET>
To: <PEN-TEST_at_SECURITYFOCUS.COM>
Sent: Tuesday, September 19, 2000 12:31 AM
Subject: Re: [PEN-TEST] RDS exploit simulation

> Okey dokey, this is actually a relevant topic, since I've received a lot
> of email on it. I'm working on a RDS-FAQ, but in the meantime:
>
> You are vulnerable if you have MDAC 1.5 installed. MDAC 2.0 is *kinda*
> vulnerable, but for all intents and purposes, not via msadcs.dll.
> MDAC >2.0 is not vulnerable.
>
> Now, keep in mind:
> - Installing MS SQL 7.0 installs MDAC 2.x
> - Installing Office 2000 installs MDAC 2.x
> - Installing IE 5.x installs MDAC 2.x
> - Installing almost any MS server product after 2000 usually installs MDAC
> 2.x.
> - Windows 2000 is not vulnerable. IIS 5.0 is not vulnerable.
>
>
> For the differences between MDAC 1.5, 2.0, and 2.1+, please see RFP9907:
> "You, your servers, RDS, and thousands of script kiddies" at
> http://www.wiretrip.net/rfp/p/doc.asp?id=29&iface=2
>
> Slightly dated, as there are newer copies of MDAC (I believe 2.5 is now
> out), but it will discuss what is vulnerable vs. what is not.
>
> As for me, I use NT Server 4.0 regular or enterprise, install SP3, install
> IE 4.01 (comes on NT Option Pack 4), and then IIS 4.0. Now the newer
> Option Packs might be retrofitted, but the original releases had the
> vulnerable MDAC.
>
> Just keep in mind there are a *LOT* of applications nowadays that package
> updated DB components with them that may patch the vulnerability when
> installed. You can always look at the version of the msjet.dll in winnt
> directory...any 4.x is not vulnerable. The jetcopkg installs 3.5X (don't
> remember the value), MDAC 2.0 installs 3.52, and MDAC 1.5 installs 3.50.
> The 3.x line (apart from the patched jetcopkg.exe) is vulnerable.
>
> - rfp
>
Received on Nov 01 2000
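
The msjet.dll version check rfp describes in the quoted message, as an added example that is not part of the original thread: it reads the file version out of a DLL's raw bytes, so it also works on files copied off the host, and maps it to the statuses given in the post. The function names are hypothetical, the byte scan for the VS_FIXEDFILEINFO signature is a shortcut instead of a full resource-directory walk, and it assumes "3.50" and "3.52" appear as minor fields 50 and 52.

```python
import struct
import sys

# VS_FIXEDFILEINFO starts with the DWORD 0xFEEF04BD, stored little-endian.
SIGNATURE = struct.pack("<I", 0xFEEF04BD)


def file_version(data):
    """Return (major, minor, build, revision) from the first plausible
    VS_FIXEDFILEINFO in data, or None if there is none."""
    pos = data.find(SIGNATURE)
    while pos != -1:
        if pos + 16 <= len(data):
            struc_version, ver_ms, ver_ls = struct.unpack_from("<III", data, pos + 4)
            if struc_version == 0x00010000:  # rules out a chance signature match
                return (ver_ms >> 16, ver_ms & 0xFFFF, ver_ls >> 16, ver_ls & 0xFFFF)
        pos = data.find(SIGNATURE, pos + 1)
    return None


def classify(version):
    """Map a Jet file version to the status given in rfp's message."""
    if version is None:
        return "unknown: no version resource found"
    major, minor = version[0], version[1]
    if major == 4:
        return "not vulnerable (4.x)"
    if major == 3 and minor == 50:  # assumption: "3.50" is stored as minor 50
        return "vulnerable (3.50, the build MDAC 1.5 installs)"
    if major == 3 and minor == 52:
        return "vulnerable (3.52, the build MDAC 2.0 installs)"
    if major == 3:  # the post does not give the patched jetcopkg value
        return "3.x: vulnerable unless this is the patched jetcopkg build"
    return "not covered by the post"


def constructed_sample(major, minor, build=0, revision=0):
    """Constructed test input: filler bytes around a minimal version block."""
    fixed = struct.pack("<IIII", 0xFEEF04BD, 0x00010000,
                        (major << 16) | minor, (build << 16) | revision)
    return b"MZ" + b"\x00" * 62 + fixed + b"\x00" * 36


if __name__ == "__main__":
    for path in sys.argv[1:]:  # Jet DLLs copied from the host under review
        with open(path, "rb") as handle:
            version = file_version(handle.read())
        print(path, version, classify(version))
```

A 3.x result that is neither 3.50 nor 3.52 stays ambiguous on purpose, since the message does not state the version the patched jetcopkg.exe installs.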
