Vulnerability ID |
21227 |
Risk level |
40 |
Port |
80, ... |
Protocol |
TCP |
Category |
CGI |
Detailed description |
A Windows CGI interpreter file was found in the CGI bin directory on the web server. A common web server misconfiguration is to place a shell interpreter (cmd.exe) in a CGI bin directory (such as /cgi-bin/ or /scripts/). In addition, the documentation for some early web servers states that CGI script interpreters (such as perl.exe or java.exe) must be located in the CGI bin directory. When shell interpreters or CGI script interpreters are located in the CGI bin directory, a remote attacker may be able to execute arbitrary commands through those interpreters. By sending a crafted HTTP request, a remote attacker can cause these shells to execute arbitrary commands on the server.
* Reference site: http://www.cert.org/advisories/CA-1996-11.html
* Affected platforms: all HTTP servers, all versions; Microsoft Windows, any version |
Solution |
If any CGI programs require access to a CGI script interpreter or shell interpreter, move that interpreter outside the WWW root, and modify those CGI programs so that they can find the interpreter at its new location.
-- AND --
If no programs use the CGI script interpreter or shell interpreter, remove that interpreter from the CGI bin directory. |
Related URL |
CVE-1999-0509 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
146 (ISS) |
|
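One way to audit a server for the condition this entry describes, as an added Python example that is not part of the original entry: it walks a web root on local disk and reports interpreter files (the names from the description) that sit in or below a CGI bin directory. The function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile

# Interpreter names taken from the entry's description; extend as needed.
INTERPRETERS = {"cmd.exe", "perl.exe", "java.exe"}
# CGI bin directory names taken from the entry's description.
CGI_DIRS = {"cgi-bin", "scripts"}


def find_exposed_interpreters(web_root, interpreters=INTERPRETERS, cgi_dirs=CGI_DIRS):
    """Return sorted paths (relative to web_root) of interpreter files that sit
    inside a CGI bin directory, at any depth, under the web root."""
    names = {n.lower() for n in interpreters}
    dirs = {d.lower() for d in cgi_dirs}
    hits = []
    for current, _subdirs, files in os.walk(web_root):
        rel_dir = os.path.relpath(current, web_root)
        parts = [] if rel_dir == "." else rel_dir.lower().split(os.sep)
        # Only directories at or below a CGI bin directory are of interest.
        if not dirs.intersection(parts):
            continue
        for name in files:
            # Windows file names are case-insensitive: CMD.EXE == cmd.exe.
            if name.lower() in names:
                hits.append(os.path.join(rel_dir, name).replace(os.sep, "/"))
    return sorted(hits)


def build_sample_root(base):
    """Create a constructed sample web root (empty placeholder files only)."""
    layout = [
        "index.html",
        "cgi-bin/form.pl",
        "cgi-bin/PERL.EXE",       # interpreter in CGI bin: flagged
        "Scripts/tools/cmd.exe",  # nested under /scripts/: flagged
        "docs/java.exe",          # not in a CGI bin directory: not flagged by this check
    ]
    for rel in layout:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_exposed_interpreters(build_sample_root(tmp)):
            print("interpreter in CGI bin directory:", hit)
```

Each reported path is a candidate for the solution above: move the interpreter outside the WWW root if a CGI program still needs it, otherwise remove it.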