| Ãë¾àÁ¡ID |
21059 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç À¥¼¹ö¿¡ 'jj' CGI°¡ ¼³Ä¡µÇ¾î ÀÖ´Ù.
ÀÌ CGI ÇÁ·Î±×·¥Àº ¸î¸î ±¸¹öÀüÀÇ HTTP ¼¹ö¿¡ µ¥¸ð ÇÁ·Î±×·¥À¸·Î ¹èÆ÷µÇ¾ú´Ù. ±×·¯³ª, jj CGI ÇÁ·Î±×·¥¿¡´Â /bin/mail ÇÁ·Î±×·¥À¸·Î ºÎÅÍ shell escapeÀ» ÀÌ¿ëÇÏ¿© ÀÓÀÇÀÇ ¸í·ÉÀ» ¼öÇàÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡ÀÌ ÀÖ´Ù. Attacker°¡ ±×·¯ÇÑ access¸¦ ÇÒ ¼ö ÀÖ´Ù´Â °ÍÀº "HTTPDrocks"¿Í "SDGROCKS"¸¦ Æ÷ÇÔÇÏ¿© ¸î°³ÀÇ ¾Ë·ÁÁ® ÀÖ´Â µðÆúÆ® Æнº¿öµåµéÀ» ¾Ë°í ÀÖ´Ù´Â ¶æÀÌ µÈ´Ù.
* Âü°í »çÀÌÆ®:
http://www.iss.net/security_center/static/1808.php
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Web Server |
| ÇØ°áÃ¥ |
CGI-BIN µð·ºÅ丮·Î ºÎÅÍ jj ÇÁ·Î±×·¥À» »èÁ¦ÇØ¾ß ÇÏ¸ç ºÒÇÊ¿äÇÑ demo ÇÁ·Î±×·¥µéµµ ÇÔ²² »èÁ¦ÇØ¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-1999-0260 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
