Vulnerability ID |
22460 |
Risk level |
30 |
Port |
3689,9999 |
Protocol |
TCP |
Category |
WWW |
Description |
This Firefly Media Server is vulnerable to a partial directory traversal vulnerability. Firefly Media Server (formerly known as Multi-Threaded DAAP Daemon (mt-daapd)) is a media streaming server. Firefly Media Server version 0.2.4.1 and earlier versions are vulnerable to a partial directory traversal vulnerability. By sending a specially crafted HTTP GET request containing "dot dot dot" sequences (/.../), a remote attacker can view arbitrary files in the parent directory of Firefly's 'admin-root' folder, which contains the application's configuration file.
* References: http://www.securityfocus.com/archive/1/484763/30/0/threaded http://aluigi.altervista.org/adv/fireflyz-adv.txt
* Affected platforms: Firefly Media Server SVN 1699 and earlier versions; Firefly Media Server, multiple versions including 0.2.4.1; Linux Any version |
Solution |
Upgrade to the latest version of Firefly Media Server (mt-daapd) from the FireFly Media Server download web page at http://soundbridge.roku.com/support/dwnld_firefly.php. |
Related URL |
(CVE) |
Related URL |
26770 (SecurityFocus) |
Related URL |
38842,38844 (ISS) |
|