| Field | Value |
|---|---|
| Vulnerability ID | 21177 |
| Risk level | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Category | CGI |
| Description | The CGI "/cgi-bin/cgiforum.pl" is installed on the web server. Markus Triska's CGIForum is a CGI script used to create and manage web-based message boards. CGIForum version 1.0 does not perform sufficient security checks on user input passed in the "thesection" parameter, which allows a remote attacker to browse directories on the server. By constructing a URL that contains "dot dot" sequences (/../), an attacker can read arbitrary files on the server with the privileges of the http daemon (root or nobody). Affected platform: Web Server |
| Solution | Obtain and install the latest version of CGIForum (1.01 or later), or delete the CGI from the /cgi-bin directory. |
| Related URL | CVE-2000-1171 (CVE) |
| Related URL | 1963 (SecurityFocus) |
| Related URL | 5553 (ISS) |
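
The request pattern described in this entry can be searched for in web server access logs. The following Python is an added example, not part of the original entry or of CGIForum; it assumes Common Log Format, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in Common Log Format (documentation addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /cgi-bin/cgiforum.pl?thesection=general HTTP/1.0" 200 5120
192.0.2.44 - - [01/Jan/2001:10:00:05 +0000] "GET /cgi-bin/cgiforum.pl?thesection=../../../../etc/hosts HTTP/1.0" 200 310
192.0.2.44 - - [01/Jan/2001:10:00:09 +0000] "GET /cgi-bin/cgiforum.pl?thesection=%2e%2e%2f%2e%2e%2fetc%2fhosts HTTP/1.0" 200 310
192.0.2.77 - - [01/Jan/2001:10:01:00 +0000] "GET /docs/../index.html HTTP/1.0" 200 900
192.0.2.80 - - [01/Jan/2001:10:02:00 +0000] "POST /cgi-bin/cgiforum.pl HTTP/1.0" 200 100
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
SCRIPT = "/cgi-bin/cgiforum.pl"
# ".." only counts when it is a whole path segment, not part of a longer name.
DOTDOT_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def fully_decode(value, max_rounds=3):
    """Percent-decode until the value stops changing (bounded)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_requests(log_text):
    """Return (client, decoded thesection value, HTTP status) for every
    cgiforum.pl request whose 'thesection' parameter holds a dot-dot segment.
    POST bodies are not in access logs, so only query strings are inspected."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if url.path.lower() != SCRIPT:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name != "thesection":
                continue
            section = fully_decode(value)
            if DOTDOT_RE.search(section):
                hits.append((client, section, int(status)))
    return hits
```

A hit logged with status 200 on a host still running version 1.0 warrants checking which file was requested; after upgrading or removing the script, the same search shows whether probing continues.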