| Ãë¾àÁ¡ID |
21152 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
À¥¼¹ö¿¡ "netauth.cgi" CGI°¡ ¼³Ä¡µÇ¾î ÀÖ´Ù. Netwin Netauth´Â À¥ ±â¹ÝÀÇ email °ü¸® ÅøÀÌ´Ù.
Netwin Netauth 4.2 ÀÌÇÏÀÇ ¹öÀüµéÀº Attacker°¡ ¿ø°ÝÀ¸·Î "dot dot" (/../) ½ÃÄö½º¸¦ ÀÌ¿ëÇÏ¿© http µ¥¸óÀÇ ±ÇÇÑ(root ȤÀº nobody)À¸·Î ¼¹ö³»ÀÇ ÀÓÀÇÀÇ ÆÄÀϵéÀ» ÀÐÀ» ¼ö ÀÖµµ·Ï ÇØ ÁØ´Ù.
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Web Server |
| ÇØ°áÃ¥ |
Netwin NetauthÀÇ ÃֽŠ¹öÀü(4.2f ȤÀº ÀÌÈÄ ¹öÀü)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
2012³â 4¿ù ÇöÀç NetAuth´Â SurgeMail·Î ´ëüµÇ¾úÀ¸¸ç ´ÙÀ½ »çÀÌÆ®¿¡¼ ÃֽŠ¹öÀüÀ» ¼³Ä¡ÇÒ ¼ö ÀÖ´Ù.
http://netwinsite.com/cgi-bin/keycgi.exe?cmd=download&product=surgemail |
| °ü·Ã URL |
CVE-2000-0782 (CVE) |
| °ü·Ã URL |
1587 (SecurityFocus) |
| °ü·Ã URL |
5090 (ISS) |
|
