Vulnerability ID |
22393 |
Risk level |
40 |
Port |
8089 |
Protocol |
TCP |
Category |
WWW |
Detailed description |
The FTGate Mail server is vulnerable to a Cross-Site Scripting vulnerability in the 'index.fts' script. FTGate is a commercial groupware mail server for Windows platforms, developed by FTGate Technology. FTGate 4.4 (build 4.4.002) and earlier versions are vulnerable to multiple remote vulnerabilities. These include buffer overflow, Format String, and Cross-Site Scripting vulnerabilities. Successful exploitation of the Format String and Cross-Site Scripting vulnerabilities can result in denial of service or arbitrary code execution in the context of the affected server. An attacker can exploit the Cross-Site Scripting vulnerability to have arbitrary script code executed in the browser of an unsuspecting user, in the context of the affected site. This can be applied to a number of other attacks, including theft of cookie-based authentication credentials.
* References:
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040390.html
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040391.html
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040392.html
  http://lists.grok.org.uk/pipermail/full-disclosure/2005-December/040393.html
  http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1017.html
  http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1018.html
* Affected platforms: FTGate Technology, FTGate 4.4 (build 4.4.002) and earlier versions; Microsoft Windows, any version |
Solution |
Upgrade to the latest version of FTGate (5 or later) from the FTGate web site at http://www.ftgate.com/. |
Related URL |
CVE-2005-4567,CVE-2005-4568,CVE-2005-4569 (CVE) |
Related URL |
15972 (SecurityFocus) |
Related URL |
23707,23708,23733 (ISS) |
|