| Ãë¾àÁ¡ID |
18015 |
| À§Çèµµ |
20 |
| Æ÷Æ® |
25 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
SMTP |
| »ó¼¼¼³¸í |
SMTP VRFY command°¡ »ç¿ë°¡´ÉÇÏ´Ù. VRFY(Verify) ¸í·ÉÀº Remote¿¡¼ ÇØ´ç ¼¹öÀÇ »ç¿ëÀÚ°èÁ¤À» È®ÀÎ °¡´ÉÇÏ°Ô ÇØ ÁØ´Ù. È®ÀÎµÈ »ç¿ëÀÚ °èÁ¤Àº ´Ù¸¥ °áÁ¡À» ÀÌ¿ëÇÏ¿© ¼¹ö¸¦ attackÇϴµ¥ À¯¿ëÇÑ Á¤º¸°¡ µÉ ¼ö ÀÖ´Ù. ¶ÇÇÑ ¸î¸î ¹öÀü¿¡¼´Â Buffer OverflowÀÇ ÀáÀçÀûÀÎ À§Çèµµ ³»Æ÷ÇÏ°í ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.sendmail.org/
http://www.iss.net/security_center/static/887.php
ftp://ftp.cs.berkeley.edu/ucb/sendmail |
| ÇØ°áÃ¥ |
Sendmail.cf¿¡¼ vrfy ±â´É Á¦°Å
- /etc/sendmail.cf ÆÄÀÏ¿¡¼ 'O PrivacyOptions=authwarning'
À» ¼öÁ¤ÇÑ µÚ sendmail restartÇÔ.
- ¼öÁ¤ : O PrivacyOptions=authwarning,noexpn,novrfy
ȤÀº, O PrivacyOptions=authwarning,goaway
¡Ø Âü°í : °¡²û sendmail.cf¿¡ OpnovrfyÀ» Ãß°¡Çϱ⵵ ÇÑ´Ù. |
| °ü·Ã URL |
(CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
