Vulnerability ID |
21254 |
Risk level |
40 |
Port |
8888 |
Protocol |
TCP |
Category |
CGI |
Detailed description |
The Gettransbitmap CGI on this Sun AnswerBook2 server is vulnerable to a buffer overflow attack. Sun AnswerBook2 Documentation Server is a tool available for the Solaris operating system that lets users view Sun documentation with a web browser. Sun AnswerBook2 versions 1.4 through 1.4.3 are vulnerable to a buffer overflow in the gettransbitmap CGI program. The problem is that the gettransbitmap CGI included with AnswerBook2 does not properly perform bounds checking on its filename argument. By requesting a file with a very long filename, a remote attacker can overflow the buffer and execute arbitrary code on the system with the privileges of the user daemon.
* References: http://marc.theaimsgroup.com/?l=vulnwatch&m=102194510509450&w=2 http://marc.theaimsgroup.com/?l=bugtraq&m=102198846905064&w=2 http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0071.html http://www.securiteam.com/unixfocus/5NP0O0A75W.html http://www.eSecurityOnline.com/advisories/eSO5063.asp
* Affected platforms: Solaris (any version), Sun AnswerBook2 1.4, Sun AnswerBook2 1.4.1, Sun AnswerBook2 1.4.2, Sun AnswerBook2 1.4.3 |
Solution |
As of June 2014, there are no patches provided by the vendor.
As a temporary workaround, remove access to the gettransbitmap executable: chmod 0000 <path to>/gettransbitmap.
Alternatively, if it is not needed, stop the AnswerBook2 service. |
Related URL |
CVE-2002-0360 (CVE) |
Related URL |
4784 (SecurityFocus) |
Related URL |
9117 (ISS) |
|