| Ãë¾àÁ¡ID |
21076 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç À¥¼¹ö¿¡ responder.cgi CGI ÇÁ·Î±×·¥ÀÌ ¼³Ä¡µÇ¾î ÀÖ´Ù. ÀÌ CGI´Â Macintosh HTTP ¼¹ö Shilo v1.0b (macos)ÀÇ CGI ÁßÀÇ Çϳª·Î Buffer Overflow Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ¿© ¼¹ö³»ÀÇ ÀÓÀÇÀÇ ¸í·ÉÀ» ¼öÇàÇÒ ¼ö ÀÖ´Ù. CGIÀÇ ¼Ò½º ÆÄÀÏ¿¡ ´ÙÀ½ ¶óÀÎÀ» Æ÷ÇÔÇÏ°í ÀÖÀ¸¸é À§ÇèÇÏ´Ù.
¡¤ char PostArg_Search[256];
ÀÌ º¯¼ö´Â QUERY_STRINGÀÇ ¹®ÀÚ¿À» ¹Þ°Ô µÇ´Âµ¥ 256°³ ÀÌ»óÀÇ ¹®ÀÚ¸¦ ¹ÞÀ¸¸é Buffer Overflow°¡ ¹ß»ýÇÏ°Ô µÈ´Ù.
* Âü°í »çÀÌÆ®:
http://www.packetstormsecurity.org/9904-exploits/mac.DoS.txt
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Web Server |
| ÇØ°áÃ¥ |
ÇÊ¿äÇÏÁö ¾Ê´Ù¸é /cgi-bin³» responder.cgi ÆÄÀÏÀ» Á¦°ÅÇÑ´Ù. ±×·¸Áö ¾ÊÀ¸¸é ´ÙÀ½°ú °°ÀÌ ÇÏ¿© ¹®Á¦Á¡À» Á¦°ÅÇÒ ¼ö ÀÖ´Ù.
'char PostArg_Search[256];'¸¦
'char PostArg_Search;'°ú °°ÀÌ ¼öÁ¤ÇÑ´Ù. |
| °ü·Ã URL |
(CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
