| Ãë¾àÁ¡ID |
16082 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
21 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
FTP |
| »ó¼¼¼³¸í |
ÇØ´ç Titan FTP ¼¹öÀÇ ¹öÀü¿¡ µû¸£¸é ¼¹ö¿¡´Â 'CWD' ¸í·ÉÀ» ÅëÇÑ Èü ¿À¹öÇ÷οì Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. Titan FTP ¼¹ö´Â Microsoft Windows ¿î¿µÃ¼Á¦µéÀ» À§ÇÑ SSL (Secure Sockets Layer)À» Áö¿øÇÏ´Â FTP ¼¹öÀÌ´Ù. Titan FTP Server 3.21 ÀÌÇÏÀÇ ¹öÀüµéÀº »ç¿ëÀÚ Á¦°ø µ¥ÀÌÅÍ¿¡ ´ëÇÑ ºÒÃæºÐÇÑ °Ë»ç·Î ÀÎÇÑ ¿ø°Ý Èü(heap) ¿À¹öÇ÷οì Ãë¾àÁ¡¿¡ Ãë¾àÇÏ´Ù. Àß Á¶ÀÛµÈ CWD ¸í·ÉÀ» º¸³¿À¸·Î½á, ¿ø°ÝÁöÀÇ ÀÎÁõ¹ÞÀº °ø°ÝÀÚ´Â ¹öÆÛ¸¦ ¿À¹öÇÃ·Î¿ì ½ÃÅ°°í ½Ã½ºÅÛ »ó¿¡ ÀÓÀÇÀÇ Äڵ带 ½ÇÇà½ÃÅ°°Å³ª FTP ¼ºñ½º°¡ Å©·¡½¬¸¦ ÀÏÀ¸Å°µµ·Ï ÇÒ ¼ö ÀÖ´Ù.
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç Titan FTP ¼¹öÀÇ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://archives.neohapsis.com/archives/bugtraq/2004-08/0405.html
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
South River Technologies, Titan FTP Server 3.21 ÀÌÇÏÀÇ ¹öÀüµé
Microsoft Windows Any version |
| ÇØ°áÃ¥ |
´ÙÀ½ South River Technologies»ç À¥ »çÀÌÆ®¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Titan FTP ¼¹öÀÇ °¡Àå ÃֽŠ¹öÀü(3.30 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù:
http://www.southrivertech.com/products/titanftp/index.html |
| °ü·Ã URL |
CVE-2004-1641 (CVE) |
| °ü·Ã URL |
11069 (SecurityFocus) |
| °ü·Ã URL |
17172 (ISS) |
|
