| Ãë¾àÁ¡ID |
21232 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
Cross-Referencing Linux¿¡ µð·ºÅ丮 Ž»ö Ãë¾àÁ¡ÀÌ ÀÖ´Ù.
Cross-Referencing Linux´Â LXR·Î ¾Ë·ÁÁ® ÀÖÀ¸¸ç ÀÏ¹Ý »ç¿ëÀÚµéÀÌ À¥ ºê¶ó¿ìÁ ÀÌ¿ëÇÏ¿© Linux KernelÀÇ ¼Ò½º¸¦ Àо ¼ö ÀÖ°Ô ÇØ ÁØ´Ù. ÀÌ ¾îÇø®ÄÉÀ̼ÇÀº Perl ¾ð¾î¸¦ ÀÌ¿ëÇÏ¿© ÀÛ¼ºµÇ¾î ÀÖÀ¸¸ç ¸ðµç Linux Kernel ¼Ò½ºµéÀ» HTML ÇüÅ·Πº¯È¯ÇØ ÁØ´Ù. ÀÚ¼¼ÇÑ Á¤º¸´Â °ø½Ä À¥ »çÀÌÆ®ÀÎ http://lxr.linux.nu ¸¦ ÂüÁ¶ÇÏ¸é µÈ´Ù.
Cross-Referencing LinuxÀÇ CGI 'source'¿¡ ÀÖ´Â µð·ºÅ丮 Ž»ö Ãë¾àÁ¡Àº ¿ø°ÝÁöÀÇ °ø°ÝÀÚ°¡ "v" Àμö¿¡ .. (dot dot) °ø°ÝÀ» ÅëÇØ À¥¼¹ö»óÀÇ ÀÓÀÇÀÇ ÆÄÀϵéÀ» Àо ¼ö ÀÖ°Ô ÇØ ÁØ´Ù.
°ø°ÝÀÚ°¡ ´ÙÀ½°ú °°ÀÌ "v" Àμö Çʵ带 ¼ÂÇÏ°Ô µÇ¸é:
http://vulnerable/source?v=../../../../../../../etc/password%00
Cross-Referencing Linux´Â Æнº¿öµå ÆÄÀÏÀ» ¿¾î º¸¿© ÁÙ °ÍÀÌ´Ù.
* Âü°í »çÀÌÆ®:
http://www.securityfocus.com/archive/1/314613
* ¿µÇâÀ» ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î:
Cross-Referencing Linux ¹öÀü 0.9.2 ÀÌÇÏ |
| ÇØ°áÃ¥ |
ÀÌ Ãë¾àÁ¡¿¡ ´ëÇÑ ÆÐÄ¡°¡ ³ª¿Ã ¶§±îÁö CGI-BIN µð·ºÅ丮¿¡¼ ÇØ´ç CGI¸¦ Á¦°ÅÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
(CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
