| Ãë¾àÁ¡ID |
21864 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç Horde Application Framework´Â 'url' Àμö¸¦ ÅëÇÑ ÆÄÀÏ ³ëÃâ Ãë¾àÁ¡¿¡ Ãë¾àÇÏ´Ù. Horde Application Framework´Â PHP·Î Á¦ÀÛµÈ À¥ ¾îÇø®ÄÉÀÌ¼Ç Á¦ÀÛȯ°æÀ» Á¦°øÇÑ´Ù. Horde Application Framework ¹öÀü 3.0.9¸¦ Æ÷ÇÔÇÑ ¿©·¯ ¹öÀüµéÀº 'services/go.php' ½ºÅ©¸³Æ®¿¡ ÀÖ´Â 'url' Àμö·Î Àü´ÞµÈ »ç¿ëÀÚ°¡ Á¦°øÇÑ ÀԷ¿¡ ´ëÇÑ ºÎÀûÀýÇÑ ÇÊÅ͸µÀ¸·Î ÀÎÇÏ¿©, ¿ø°ÝÁöÀÇ °ø°ÝÀÚ°¡ ÀÓÀÇÀÇ ÆÄÀϵéÀ» ÀÐ¾î °¥ ¼ö ÀÖ°Ô ÇØ ÁØ´Ù. 'url' Àμö ³»¿¡ NULL ¹ÙÀÌÆ® ¹®ÀÚ¸¦ Æ÷ÇÔÇÑ 'services/go.php' ½ºÅ©¸³Æ®·ÎÀÇ Àß Á¶ÀÛµÈ HTTP GET ¿äûÀ» º¸³¿À¸·Î½á, ¿ø°ÝÁöÀÇ °ø°ÝÀÚ´Â ¿µÇâÀ» ¹Þ´Â ½Ã½ºÅÛ »ó¿¡ ÀÓÀÇÀÇ ÆÄÀϵéÀ» ÀÐÀ» ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043657.html
http://secunia.com/advisories/19246/
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Horde Project, Horde ¹öÀü 3.0.9¸¦ Æ÷ÇÔÇÑ ¿©·¯ ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
Horde À¥ »çÀÌÆ®ÀÎ http://www.horde.org/horde/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Horde Application FrameworkÀÇ °¡Àå ÃֽŠ¹öÀü(3.1 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2006-1260 (CVE) |
| °ü·Ã URL |
17117 (SecurityFocus) |
| °ü·Ã URL |
25239 (ISS) |
|
