| Ãë¾àÁ¡ID |
21114 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç À¥¼¹ö¿¡ 'FormHandler.cgi' CGI°¡ ¼³Ä¡µÇ¾î ÀÖ´Ù.
ÀÌ CGI´Â Attacker°¡ ¿ø°ÝÀ¸·Î /etc/passwd ÆÄÀÏÀ» Æ÷ÇÔÇÏ¿© ±× CGI ½ºÅ©¸³Æ®°¡ ÀÐÀ» ¼ö ÀÖ´Â ¼¹ö³»ÀÇ ¸ðµç ÆÄÀϵéÀ» ÀÐÀ» ¼ö ÀÖ°Ô ÇØ ÁÖ´Â Ãë¾àÁ¡À» °¡Áö°í ÀÖ´Ù. FormHandler´Â form submissionÀÇ °á°ú·Î½á »ý±â´Â Email ¸Þ¼¼Áö¿¡¼ ÅÛÇø´À» »ç¿ëÇÒ ¼ö ÀÖ°Ô ÇØ ÁØ´Ù. Attacker´Â ±× form document¿¡ ÀÖ´Â Àý´ë Æнº¸íÀ» ÂüÁ¶ÇÏ¿© ±× ÅÛÇø´À» ÆÄÀϷνá ÀúÀåÇÒ ¼ö ÀÖ´Ù. Attacker°¡ form¿¡ ÀÖ´Â Àü¼Û(submit)À» Ŭ¸¯Çϸé FormHandler CGI´Â ÁöÁ¤µÈ Email ÁÖ¼Ò·Î ÅÛÇø´¿¡ ÀúÀåµÈ ÆÄÀÏÀ» Email·Î º¸³»ÁØ´Ù.
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Web Server |
| ÇØ°áÃ¥ |
À¥¼¹öÀÇ / µð·ºÅ丮¿¡¼ FormHandler.cgi¸¦ Á¦°ÅÇÑ´Ù. |
| °ü·Ã URL |
CVE-1999-1050 (CVE) |
| °ü·Ã URL |
798,799 (SecurityFocus) |
| °ü·Ã URL |
3550 (ISS) |
|
