| Vulnerability ID |
21166 |
| Risk Level |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Category |
CGI |
| Detailed Description |
The "hsx.cgi" CGI is installed on the web server. In Hyperseek 2000 Search Engine, improper filtering in the hsx.cgi script allows an attacker to browse directories on the web server remotely. Given a URL containing "dot dot" sequences (/../) and "%00" characters, the hsx.cgi script reads arbitrary directories or files on the web server with the privileges of the http daemon (root or nobody).
* Affected platform: Web Server |
| Solution |
As of June 2014, no fix for this problem has been released. The CGI must be removed from the /cgi-bin directory. |
| Related URL |
CVE-2001-0253 (CVE) |
| Related URL |
2314 (SecurityFocus) |
| Related URL |
6012 (ISS) |
|
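Until the CGI is removed, access logs can be checked for the request pattern described above. The following is an added example, not part of the original entry: it flags requests to hsx.cgi whose query string contains a dot-dot sequence or a null byte after repeated percent-decoding. The log lines, the parameter name `q` and the `PLACEHOLDER` value are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Request line inside a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT = b"/hsx.cgi"  # script name from the entry above

# Constructed sample log lines (not real traffic); "q" is a hypothetical parameter.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:00:00:00 +0000] "GET /cgi-bin/hsx.cgi?q=../../PLACEHOLDER%00 HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2001:00:00:01 +0000] "GET /cgi-bin/hsx.cgi?q=%252e%252e%252fPLACEHOLDER HTTP/1.0" 200 512',
    '192.0.2.12 - - [01/Jan/2001:00:00:02 +0000] "GET /cgi-bin/hsx.cgi?q=security+books HTTP/1.0" 200 2048',
    '192.0.2.13 - - [01/Jan/2001:00:00:03 +0000] "GET /index.html?x=../ HTTP/1.0" 200 100',
]


def fully_decode(raw, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e, %2500) is seen."""
    data = raw.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data


def classify(line):
    """Return the reasons a log line is suspicious, or [] if it is not."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    path, _, query = m.group(1).partition("?")
    if not fully_decode(path).lower().endswith(SCRIPT):
        return []  # only requests to the affected script are of interest
    decoded = fully_decode(query).replace(b"\\", b"/")
    reasons = []
    if re.search(rb"(^|[/=&])\.\.(/|$|&|\x00)", decoded):
        reasons.append("dot-dot sequence")
    if b"\x00" in decoded:
        reasons.append("null byte")
    return reasons


def scan(lines):
    """Return (line_number, reasons) for every suspicious line, 1-indexed."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, r) for n, r in hits if r]
```

A hit only shows that the pattern was requested; whether files were disclosed depends on the response status and size recorded in the same log line.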