| Vulnerability ID |
22063 |
| Risk level |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Category |
WWW |
| Detailed description |
This Lotus Domino web server has a 'View' ACL bypass vulnerability. Lotus Domino is an application server developed by IBM. One of its features is that it lets remote users work with Lotus Notes databases through a web-based interface. Lotus Notes documents can be presented as 'Views' in Lotus Domino. To protect sensitive documents, ACLs can be applied to Views and to all documents presented through a View. Lotus Domino 5.x has a vulnerability that allows any Notes document to be accessed from any View simply by specifying the document's NoteID directly. As an example of this problem, the Statistics Reporting database, statrep.nsf, can be examined. Opening the Events View as follows:
http://target/statrep.nsf/136/?OpenView
will show several documents. (136 is the NoteID of the Events View.)
* Reference sites: http://www.securityfocus.com/bid/3489 http://www.securiteam.com/securitynews/6W0030U35W.html |
| Solution |
ACLs (Access Control Lists) must be applied to the View. The documents in that View are then protected as well. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|