Sendmail Debugger Arbitrary Code Execution Vulnerability
A3 Security Consulting
2001-09-03 00:00:00
Lee Seok-gi (이석기), Consultant
1. Description
Sendmail is the most widely used Mail Transfer Agent (MTA) application.
Some sendmail versions between 8.11.0 and 8.11.5, and some of the 8.12 beta versions, have been found to contain a local vulnerability that allows a local attacker to illegitimately obtain administrator privileges. The vulnerability does not exist in versions prior to 8.10.
In detail, there is an input validation error in sendmail's debugging function (tTflag()), and this flaw can be used in an attack.
This function uses a signed integer, supplied through the "-d" option, as the index into the "trace vector". Because the function does not check for negative values, a local attacker can pass a very large number (outside the range of the vector) as the parameter, cause a signed integer overflow, and obtain administrator privileges.
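The index handling described above, as an added example that is not sendmail's source code: a simplified model in which a decimal index is parsed into a signed 32-bit value and validated against the upper bound only, next to a hardened parser that cannot wrap. TRACE_SIZE, the function names and the sample input are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

#define TRACE_SIZE 100 /* assumed size of the trace vector in this model */

/* Models the flaw: decimal digits accumulate with 32-bit wraparound and the
 * result is used as a signed index. The wrap is computed in uint32_t so the
 * demonstration itself contains no undefined behaviour. */
static int32_t parse_index_wrapping(const char *s)
{
    uint32_t v = 0;
    while (isdigit((unsigned char)*s))
        v = v * 10u + (uint32_t)(*s++ - '0');
    if (v <= (uint32_t)INT32_MAX)
        return (int32_t)v;
    return (int32_t)(v - 0x80000000u) + INT32_MIN; /* two's-complement view */
}

/* Flawed validation: only the upper bound is tested, negatives pass. */
static int index_ok_flawed(int32_t idx)
{
    return idx < TRACE_SIZE;
}

/* Hardened parse: returns an index in [0, TRACE_SIZE-1], or -1 if the input
 * is empty, non-numeric, or would leave the vector. The range test runs
 * before each multiply, so the accumulator can never overflow. */
static int32_t parse_index_checked(const char *s)
{
    int32_t v = 0;
    if (!isdigit((unsigned char)*s))
        return -1;
    for (; isdigit((unsigned char)*s); s++) {
        int32_t d = *s - '0';
        if (v > (TRACE_SIZE - 1 - d) / 10)
            return -1;
        v = v * 10 + d;
    }
    return (*s == '\0') ? v : -1;
}

int main(void)
{
    const char *big = "4294967295"; /* constructed out-of-range input */
    int32_t idx = parse_index_wrapping(big);
    printf("wrapping parse: %d, flawed check accepts: %d\n", (int)idx, index_ok_flawed(idx));
    printf("checked parse:  %d\n", (int)parse_index_checked(big));
    return 0;
}
```

The wrapped value is negative yet passes the upper-bound test, which is the missing check the description refers to; the hardened parser rejects the same input before any index is formed.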
2. Affected systems
Sendmail Consortium Sendmail 8.12beta7
Sendmail Consortium Sendmail 8.12beta5
Sendmail Consortium Sendmail 8.12beta16
Sendmail Consortium Sendmail 8.12beta12
Sendmail Consortium Sendmail 8.12beta10
Sendmail Consortium Sendmail 8.11.5
Sendmail Consortium Sendmail 8.11.4
Sendmail Consortium Sendmail 8.11.3
Sendmail Consortium Sendmail 8.11.2
Sendmail Consortium Sendmail 8.11.1
Sendmail Consortium Sendmail 8.11
3. Solution
Upgrade as follows, depending on the version of Sendmail currently in use.
1. All Sendmail 8.12beta versions -> upgrade to sendmail.8.12.0.Beta19.
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.0.Beta19.tar.gz
2. Sendmail versions 8.11.0 through 8.11.5 -> upgrade to sendmail.8.11.6.
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.11.6.tar.gz
© Datanet (http://t564.ndsoftnews.com). Unauthorized reproduction and redistribution prohibited.