Vulnerability ID: 22182
Risk level: 40
Ports: 80, ...
Protocol: TCP
Category: WWW
Detailed description:
The affected Sun ONE Application Server has a buffer overflow vulnerability in its NSAPI Connector module. This module is the NSAPI (Netscape Application Programming Interface) plug-in that links the Sun ONE Web Server (formerly iPlanet Enterprise Server) with the Application Server. The Connector Module (gxnsapi6.dll) uses a static buffer while processing incoming request URLs. If remote attackers send the server a request of the form "/[AppServerPrefix]/[long buffer]", appending a very long string after the application service prefix, they can overwrite critical parts of memory. This allows remote attackers to overflow the buffer and potentially execute arbitrary code on the server.
* Affected platforms: Sun ONE Application Server 6.0, Sun ONE Application Server 6.5; Microsoft Windows (any version)
Solution:
For Sun ONE Application Server 6.5: install SP1 or a later service pack, referring to the following Sun web site: http://docs.oracle.com/cd/E19485-01/816-6373-11/rn_65sp1.html#UpgradingtoSP1
As a temporary workaround, use the module proposed by @stake so that the server checks the length of incoming requests, or modify the NSAPI module in a similar way:
=============================
NSAPI Data Validation Module:
=============================

Usage: In [server-root]/[server-instance]/config/obj.conf:

...
Init fn="load-modules" shlib="[path to libs]/long.so" funcs="bounds_check"

<Object name=default>
# Make sure this function is the first to be called
NameTrans fn=bounds_check maxlength=500
...

----- BEGIN -----
#include <stdlib.h>
#include <string.h>
#include "nsapi.h"

static int max_req_len = 0;

/* NameTrans hook: abort any request whose URI is longer than the
 * "maxlength" parameter given in obj.conf. */
NSAPI_PUBLIC int bounds_check(pblock *pb, Session *sn, Request *rq)
{
    char *temp;
    char *maxlen = pblock_findval("maxlength", pb);

    /* "maxlength" missing from obj.conf would make atoi(NULL) crash the
     * server; fall back to the 500-byte limit shown in the usage above. */
    if (maxlen != NULL)
        max_req_len = atoi(maxlen);
    if (max_req_len <= 0)
        max_req_len = 500;

    temp = pblock_findval("uri", rq->reqpb);
    if (temp != NULL) {
        size_t len = strlen(temp);
        if (len > (size_t)max_req_len) {
            log_error(LOG_SECURITY, "bounds_check", sn, rq,
                      "Overly long URI header (%lu bytes)...aborting.",
                      (unsigned long)len);
            protocol_status(sn, rq, 440, "Potential Attack Detected");
            return REQ_ABORTED;
        }
    }
    return REQ_NOACTION;
}
----- END -----
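Added here as a defender-side example, not part of the advisory or of the @stake module: this Python script scans access-log lines in Common Log Format for requests whose URI under the application-server prefix exceeds the same 500-byte limit the obj.conf snippet configures, so the condition the module rejects can also be found after the fact in logs. The log lines are constructed for the example, and "/AppServerPrefix" stands in for the real prefix, which the advisory leaves as a placeholder.

```python
import re

# Common Log Format: host ident authuser [date] "method request-uri protocol" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)

# Placeholder for the application-server prefix ("/[AppServerPrefix]" in the advisory).
APP_PREFIX = "/AppServerPrefix"

# Access-log lines constructed for this example; they are not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Apr/2002:12:00:01 +0900] "GET /AppServerPrefix/app/index.jsp HTTP/1.0" 200 512',
    '10.0.0.7 - - [10/Apr/2002:12:00:02 +0900] "GET /AppServerPrefix/' + 'A' * 600 + ' HTTP/1.0" 440 0',
    '10.0.0.9 - - [10/Apr/2002:12:00:03 +0900] "GET /images/' + 'B' * 600 + '.gif HTTP/1.0" 404 0',
    'this line is not in Common Log Format and is skipped',
]


def find_long_uri_requests(lines, app_prefix=APP_PREFIX, max_len=500):
    """Return (host, uri_length, status) for each request whose request-URI
    starts with app_prefix and is longer than max_len bytes.

    The length is taken from the raw request-URI, which is what the NSAPI
    module measures (strlen of the "uri" value). Long URIs outside the prefix
    are ignored because the connector module never processes them.
    """
    prefix = app_prefix.rstrip("/") + "/"
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # unparseable line: nothing to measure
        path = m.group("path")
        length = len(path.encode("utf-8"))
        if path.startswith(prefix) and length > max_len:
            hits.append((m.group("host"), length, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for host, length, status in find_long_uri_requests(SAMPLE_LOG):
        print(f"{host}: request-URI of {length} bytes under {APP_PREFIX} (status {status})")
```

A status of 440 in the output corresponds to the "Potential Attack Detected" response the bounds_check module returns, so the scan also shows whether the workaround was in place when the request arrived.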
Related URL: CVE-2002-0387 (CVE)
Related URL: 7082 (SecurityFocus)
Related URL: 11529 (ISS)