| Ãë¾àÁ¡ID |
21030 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç ¼¹ö¿¡ 'classifieds.cgi' CGI°¡ ¼³Ä¡µÇ¾î ÀÖ´Ù.
Classifieds´Â À¥ÆäÀÌÁö»ó¿¡ ±¤°í¹°¸¦ ´Ù·ç´Âµ¥ ¾²ÀÌ´Â free CGI ½ºÅ©¸³Æ®ÀÌ´Ù. ±×·¯³ª, 'classifieds.cgi' CGI´Â ¿ÜºÎ attacker¿¡°Ô shell meta ¹®ÀÚµéÀ» ÀÌ¿ëÇÏ¿© ¼¹ö³»ÀÇ ÀÓÀÇÀÇ ÆÄÀÏÀ» Àо°Å³ª CGI form¿¡ ÀÖ´Â hidden º¯¼ö¸¦ ÀÌ¿ëÇÏ¿© ÀÓÀÇÀÇ ¸í·ÉÀ» ½ÇÇà½Ãų ¼ö ÀÖ´Â Ãë¾àÁ¡µéÀÌ Á¸ÀçÇÑ´Ù.
* Âü°í »çÀÌÆ®:
http://www.iss.net/security_center/static/3103.php
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Web Server |
| ÇØ°áÃ¥ |
PatchµÈ ÃֽŠ¹öÀüÀÇ CGI¸¦ ±¸Çϱâ Àü±îÁö /cgi-bin µð·ºÅ丮¿¡¼
ÇØ´ç CGI¸¦ »èÁ¦ÇÑ´Ù. |
| °ü·Ã URL |
CVE-1999-0934,CVE-1999-0935 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
