| Ãë¾àÁ¡ID |
21175 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
À¥¼¹ö¿¡ "calendar_admin.pl" CGI°¡ ¼³Ä¡µÇ¾î ÀÖ´Ù. Matt KruseÀÇ Calendar CGI ÆÐÅ°Áö´Â À¥±â¹Ý ´Þ·Â ½Ã½ºÅÛÀ» ±¸ÇöÇÑ ¹«·á¹èÆ÷ ÅøÀÌ´Ù. calendar.pl°ú calendar_admin.pl CGI´Â 'config' Àμö¿¡¼ shell meta ¹®ÀÚµéÀ» °É·¯³»Áö ¾Ê¾Æ Perl open() ÇÔ¼ö¸¦ È£ÃâÇÒ ¶§ º¸¾È¿¡ ¹®Á¦¸¦ ÀÏÀ¸Å²´Ù. ÀÌ CGIµéÀº http µ¥¸óÀÇ ±ÇÇÑ(root ȤÀº nobody)ÀÇ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¸í·ÉÀ» ¼öÇà½Ãų ¼ö ÀÖ°Ô ÇØ ÁØ´Ù.
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Web Server |
| ÇØ°áÃ¥ |
Matt Kruse CalendarÀÇ ÃֽŠ¹öÀüÀ¸·Î ¾÷±×·¹À̵å ÇØ¾ß ÇÑ´Ù.
http://www.calendarscript.com/ |
| °ü·Ã URL |
CVE-2000-0432 (CVE) |
| °ü·Ã URL |
1215 (SecurityFocus) |
| °ü·Ã URL |
4464 (ISS) |
|
