Vulnerability ID |
21866 |
Risk level |
40 |
Port |
80, ... |
Protocol |
TCP |
Category |
CGI |
Detailed description |
This PHP iCalendar installation is vulnerable to a local file include vulnerability through the 'publish.ical.php' script. PHP iCalendar is a web-based calendar viewer / parser written in PHP. The 'publish.ical.php' script in PHP iCalendar version 2.21 and earlier does not require authentication for write access to the calendars directory. This allows a remote attacker to upload arbitrary files. By sending a specially crafted PUT request to the 'publish.ical.php' script with a filename containing a NULL character in the 'X-WR-CALNAME' argument, a remote attacker can upload and execute arbitrary PHP scripts on the affected host.
* Reference sites: http://downloads.securityfocus.com/vulnerabilities/exploits/php-iCalendar-221.upload.php http://secunia.com/advisories/19285/
* Affected platforms: PHP iCalendar version 2.21 and earlier; all operating systems, all versions |
Solution |
Upgrade to the latest version of PHP iCalendar from the SourceForge.net download site at http://sourceforge.net/project/showfiles.php?group_id=62270.
As a temporary workaround, edit the application's 'config.inc.php' file and set '$phpicalendar_publishing' to 0 to disable the calendar upload feature. |
Related URL |
CVE-2006-1291 (CVE) |
Related URL |
17129 (SecurityFocus) |
Related URL |
(ISS) |
|