| Ãë¾àÁ¡ID |
21124 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç À¥¼¹ö¿¡ "/iissamples/exair/howitworks/codebrws.asp" CGI°¡ ¼³Ä¡ µÇ¾î ÀÖÀ¸¸ç ±× À¥¼¹ö´Â IIS 4.0À̳ª Site Server°¡ ÀÛµ¿ÇÏ°í ÀÖ´Â °ÍÀ¸·Î º¸ÀδÙ. codebrws.asp ¿¹Á¦ ÆÄÀÏÀº ±× ASP ÆÄÀÏ°ú µ¿ÀÏÇÑ Logical Disk¿¡ ÀÖ´Â ÀÓÀÇÀÇ ÆÄÀÏÀ» attacker°¡ remote¿¡¼ Àо ¼ö ÀÖ´Â Ãë¾àÁ¡À» °¡Áö°í ÀÖ´Ù.
ÀÌ·¯ÇÑ ¿¹Á¦ ÆÄÀϵéÀº ´ÙÀ½°ú °°Àº °ÍµéÀÌ ÀÖ´Ù.
IIS_DIRECTORY\Iissamples\Exair\Howitworks\Code.asp
IIS_DIRECTORY\Iissamples\Exair\Howitworks\Codebrws.asp
IIS_DIRECTORY\Iissamples\Sdk\Asp\Docs\Codebrws.asp
Program_Files\Common_Files\System\Msadc\Samples\Selector\Showcode.asp
* À¥¹æ¹®ÀÚ´Â ÀÌ ASP ÆÄÀϵéÀ» ÀÌ¿ëÇÏ¿© ÀÓÀÇÀÇ ÆÄÀϵ鿡 ´ëÇØ º¯°æ, »èÁ¦ µîÀº ÇÒ ¼ö ¾ø´Ù.
* Âü°í »çÀÌÆ®:
http://www.iss.net/security_center/static/2383.php
http://www.microsoft.com/technet/security/bulletin/ms99-013.asp
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Microsoft IIS Server |
| ÇØ°áÃ¥ |
¼¹ö·Î ºÎÅÍ ¸ðµç Showcode.asp, Code.asp¿Í CodeBrws.asp ÆÄÀϵéÀ» ã¾Æ¼ »èÁ¦ÇÑ´Ù. ȤÀº Àΰ¡µÈ »ç¿ëÀڵ鸸 accessÇÒ ¼ö ÀÖµµ·Ï ±× ÆÄÀϵ鿡 ´ëÇÑ ACLµéÀ» ¼ÂÇÑ´Ù.
Patch¸¦ Çϱâ À§Çؼ´Â ´ÙÀ½°ú °°ÀÌ ÇÒ ¼ö ÀÖ´Ù.
* Site Server 3.0
Microsoft»ç´Â ´õ ÀÌ»ó Site Server 3.0À» Áö¿øÇÏÁö ¾Ê´Â´Ù. ´Ù¸¥ ÇÁ·Î±×·¥À» ¼³Ä¡ÇØ¾ß ÇÑ´Ù.
* IIS 4.0
IIS 4.0¿¡ ´ëÇÑ Patch´Â Fix2450I.exe (Intel) ȤÀº Fix2450A.exe (Alpha)·Î½á ´ÙÀ½ ÀÎÅÍ³Ý »çÀÌÆ®¿¡ À§Ä¡ÇÑ´Ù:
ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/Viewcode-fix/ |
| °ü·Ã URL |
CVE-1999-0739 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
