| Ãë¾àÁ¡ID |
21149 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç À¥¼¹ö¿¡ "/ssi/envout.bat" CGI°¡ ¼³Ä¡µÇ¾î ÀÖ´Ù. ÀÌ CGI´Â AN-HTTPd À¥¼¹ö¿¡ ÀÖ´Â ¿¹Á¦ CGI ½ºÅ©¸³Æ®·Î Shell metacharacter¸¦ ÀÌ¿ëÇÏ¿© ¿ÜºÎ¿¡¼ ¼¹ö³»ÀÇ ÀÓÀÇÀÇ ¸í·ÉÀ» ¼öÇàÇÒ ¼ö ÀÖ´Ù. ¿¹¸¦µé¾î,
http://www.xxx.yy/cgi-bin/input.bat?|dir..\..\windows
¿Í °°ÀÌ ÇÏ¿© dir ¸í·ÉÀ» ¼öÇà½ÃÄÑ º¼ ¼ö ÀÖ´Ù.
¡Ø BUGTRAQ:19991102 Some holes for Win/UNIX softwares
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
AN-HTTPd À¥¼¹ö |
| ÇØ°áÃ¥ |
"http://www.st.rim.or.jp/~nakata/"¿¡¼ ¹öÀü 1.21À» ´Ù¿î·ÎµåÇÏ¿© ¼³Ä¡ÇÑ´Ù. |
| °ü·Ã URL |
CVE-1999-0947 (CVE) |
| °ü·Ã URL |
762 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
