| Ãë¾àÁ¡ID |
18008 |
| À§Çèµµ |
20 |
| Æ÷Æ® |
25 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
SMTP |
| »ó¼¼¼³¸í |
SMTP EXPN command°¡ »ç¿ë°¡´ÉÇÏ´Ù. EXPN(expand) ¸í·ÉÀº Remote¿¡¼ ÇØ´ç ¼¹öÀÇ »ç¿ëÀÚ°èÁ¤À» È®ÀÎ °¡´ÉÇÏ°Ô ÇØ ÁØ´Ù. È®ÀÎµÈ »ç¿ëÀÚ °èÁ¤Àº ´Ù¸¥ °áÁ¡À» ÀÌ¿ëÇÏ¿© ¼¹ö¸¦ attackÇϴµ¥ À¯¿ëÇÑ Á¤º¸°¡ µÉ ¼ö ÀÖ´Ù. ¶ÇÇÑ ¸î¸î ¹öÀü¿¡¼´Â Buffer OverflowÀÇ ÀáÀçÀûÀÎ À§Çèµµ ³»Æ÷ÇÏ°í ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.sendmail.org/
http://www.iss.net/security_center/static/128.php
ftp://ftp.cs.berkeley.edu/ucb/sendmail |
| ÇØ°áÃ¥ |
Sendmail.cf¿¡¼ expn ±â´É Á¦°Å
¡¤ - /etc/sendmail.cf ÆÄÀÏ¿¡¼ 'O PrivacyOptions=authwarning'
¡¤ À» ¼öÁ¤ÇÑ µÚ sendmail restartÇÔ.
¡¤ - ¼öÁ¤ : O PrivacyOptions=authwarning,noexpn,novrfy
¡¤ ȤÀº, O PrivacyOptions=authwarning,goaway
¡Ø Âü°í : °¡²û sendmail.cf¿¡ OpnoexpnÀ» Ãß°¡Çϱ⵵ ÇÑ´Ù. |
| °ü·Ã URL |
(CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
