| Vulnerability ID |
25009 |
| Risk level |
40 |
| Port |
1433 |
| Protocol |
TCP |
| Category |
DB |
| Detailed description |
This Microsoft SQL Server has default accounts. If the sa account has no password, any user can exercise administrator privileges on the SQL Server. An unauthorized user who can log in as sa can also use procedures such as xp_cmdshell() to run arbitrary commands on the system with the privileges of the account the MS SQL service runs under. This vulnerability is exploited by the Cblade worm and the SQL Spida worm.
* Reference sites:
  http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322336
  http://www.iss.net/security_center/static/7610.php
  http://www.kb.cert.org/vuls/id/635463
  http://www.iss.net/security_center/static/9124.php
  http://marc.theaimsgroup.com/?l=bugtraq&m=96333895000350&w=2
  http://security-archive.merton.ox.ac.uk/bugtraq-200008/0233.html
  http://support.microsoft.com/default.aspx?scid=kb;[LN];Q313418
  http://www.iss.net/security_center/alerts/advise118.php
  http://support.microsoft.com/support/kb/articles/Q274/7/73.ASP
  http://www.securiteam.com/windowsntfocus/5EP0O0K2AS.html
* Affected platforms: Microsoft SQL Server, all versions; Microsoft Data Engine, all versions |
| Solution |
Set the passwords of the default accounts to values that are hard to guess. To set a password, use the sp_password stored procedure from the SQL Query Window. For example, to change the SA password from NULL to "complexpwd":
exec sp_password NULL,'complexpwd','sa' |
| Related URL |
CVE-2000-1209 (CVE) |
| Related URL |
4797 (SecurityFocus) |
| Related URL |
1459 (ISS) |
|
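An audit for the condition described in this record, as an added example that is not part of the original entry: it lists SQL logins with a blank or login-name password, shows the state of the built-in sa login, and reports whether xp_cmdshell and SQL authentication are enabled. It assumes a SQL Server version that provides the sys.sql_logins and sys.configurations catalog views and the PWDCOMPARE function, and a session with rights to read password hashes.

```sql
-- Added example (not from the original record). Assumes sys.sql_logins,
-- sys.configurations and PWDCOMPARE are available on the instance.

-- 1. SQL logins whose password is blank or identical to the login name.
SELECT name, is_disabled, is_policy_checked, 'blank password' AS finding
FROM sys.sql_logins
WHERE PWDCOMPARE(N'', password_hash) = 1
UNION ALL
SELECT name, is_disabled, is_policy_checked, 'password equals login name'
FROM sys.sql_logins
WHERE PWDCOMPARE(name, password_hash) = 1;

-- 2. State of the built-in sa login. Matching on sid 0x01 still finds it
--    after a rename.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked, modify_date
FROM sys.sql_logins
WHERE sid = 0x01;

-- 3. Is xp_cmdshell enabled? value_in_use = 1 means a sysadmin login can run
--    operating-system commands as the SQL Server service account.
SELECT name, CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 4. Authentication mode: 1 = Windows authentication only (sa cannot log in
--    over the network with a password), 0 = mixed mode.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;
```

Any row from query 1, or an enabled sa login combined with mixed mode and xp_cmdshell turned on, is the exposure this record describes on port 1433.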