English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 22419
À§Çèµµ 40
Æ÷Æ® 80, ...
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù CGI
»ó¼¼¼³¸í ÇØ´ç À¥ ¼­¹ö´Â 5.1.4 ȤÀº 4.4.3 º¸´Ù ´õ ¿À·¡µÈ PHPÀÇ ¹öÀüÀ» °¡µ¿ ÁßÀÌ´Ù. PHP´Â À¥ °³¹ß¿¡ ÀûÇÕÇÏ°í HTML¿¡ ÀÓº£µðµå(embedded) µÉ ¼ö ÀÖ´Â ³Î¸® »ç¿ë ÁßÀÎ ¹ü¿ë ½ºÅ©¸³Æà ¾ð¾îÀÌ´Ù. 5.1.4 ȤÀº 4.4.3 ÀÌÀüÀÇ PHP ¹öÀüµéÀº Ãë¾àÇÑ ÇÁ·Î¼¼½ºÀÇ ±ÇÇÑÀ¸·Î ÄÚµå ½ÇÇàÀ» Çã¿ëÇÒ ¼ö ÀÖ´Â ¹öÆÛ ¿À¹öÇ÷οì, Èü ¼Õ»ó(corruption)À» Æ÷ÇÔÇÏ¿© ´ÙÁßÀÇ ·ÎÄà ¹× ¿ø°Ý Ãë¾àÁ¡µé¿¡ Ãë¾àÇÑ °ÍÀ¸·Î º¸°íµÇ¾ú´Ù.

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç À¥ ¼­¹öÀÇ ¹è³Ê Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼­ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
http://www.php.net/release_4_4_3.php
http://www.php.net/release_5_1_3.php
http://www.php.net/release_5_1_4.php
http://www.securityfocus.com/archive/1/20060409192313.20536.qmail@securityfocus.com
http://www.hardened-php.net/hphp/zend_hash_del_key_or_index_vulnerability.html
http://www.securityfocus.com/archive/1/archive/1/442437/100/0/threaded

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
PHP 4.4.3 ÀÌÀü ¹öÀüµé
PHP 5.1.4 ÀÌÀü ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü
ÇØ°áÃ¥ PHP À¥ »çÀÌÆ®ÀÎ http://www.php.net ¿¡¼­ ±¸ÇÒ ¼ö ÀÖ´Â PHPÀÇ °¡Àå ÃֽŠ¹öÀü(5.1.4 ȤÀº 4.4.3 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
°ü·Ã URL CVE-2006-1494,CVE-2006-1608,CVE-2006-1990,CVE-2006-1991,CVE-2006-2563,CVE-2006-2660,CVE-2006-3011,CVE-2006-3016,CVE-2006-3017,CVE-2006-3018 (CVE)
°ü·Ã URL 17296,17362,17439,18116,18645 (SecurityFocus)
°ü·Ã URL 25508,25705,25706,26764,27414 (ISS)