| Ãë¾àÁ¡ID |
21811 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç Cerberus Support Center´Â 3.2.0pr2 ÀÌÀüÀÇ ¹öÀüµé¿¡ Á¸ÀçÇÏ´Â ´ÙÁßÀÇ Ãë¾àÁ¡µé¿¡ Ãë¾àÇÏ´Ù. Cerberus Support Center´Â PHP¿Í MySQL·Î ÀÛ¼ºµÈ À¥ ±â¹ÝÀÇ À̸ÞÀÏ °ü¸® ¼ÒÇÁÆ®¿þ¾î¿¡ ´ëÇÑ °í°´ ÀÎÅÍÆäÀ̽ºÀÌ´Ù. Cerberus Support Center 3.2.0pr2 ÀÌÀüÀÇ ¹öÀüµéÀº 'index.php' ½ºÅ©¸³Æ®ÀÇ 'kb_ask' Àμö¿Í 'attachment_send.php' ½ºÅ©¸³Æ®ÀÇ 'file_id' Àμö·Î Àü´ÞµÈ »ç¿ëÀÚ°¡ Á¦°øÇÑ ÀԷ¿¡ ´ëÇÑ ºÎÀûÀýÇÑ °ËÁõÀ¸·Î ÀÎÇÏ¿©, ´ÙÁßÀÇ Ãë¾àÁ¡µé¿¡ Ãë¾àÇÏ´Ù. ¿ø°ÝÁö °ø°ÝÀÚ´Â SQL ÁÖÀÔ °ø°Ý°ú cross-site scripting °ø°ÝÀ» ½ÇÇàÇÏ°í ¹Î°¨ÇÑ Á¤º¸¸¦ ³ëÃâ½ÃÅ´À¸·Î½á ÀÌ Ãë¾àÁ¡µéÀ» µµ¿ëÇÒ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://forum.cerberusweb.com/showthread.php?s=&postid=30315
http://www.cerberusweb.com/devblog/?p=56
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0949.html
http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040324.html
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Cerberus Support Center 3.2.0pr2 ÀÌÀüÀÇ ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
Cerberus Support Center ´Ù¿î·Îµå À¥ »çÀÌÆ®ÀÎ http://www.cerberusweb.com/download/archives ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Cerberus Support CenterÀÇ °¡Àå ÃֽŠ¹öÀü(3.2.0pr2 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2005-4427,CVE-2005-4428 (CVE) |
| °ü·Ã URL |
16062 (SecurityFocus) |
| °ü·Ã URL |
23834,23836 (ISS) |
|
