Coffeenix (커피닉스), a haven for system administrators: *NIX with the aroma of coffee
A place that covers systems, networking, and security
SquirrelMail XSS & IMAP vulnerabilities

 
truefeel
Cafe administrator

Joined: 24 Jul 2003
Posts: 1277
Location: Republic of Korea

Posted: 2006.2.24 Fri, 4:39 pm    Subject: SquirrelMail XSS & IMAP vulnerabilities

Several vulnerabilities have been found in SquirrelMail, a leading PHP-based webmail program.
These issues exist in versions up to 1.4.5. Version 1.4.6 was released on the 23rd, so please upgrade.

* XSS (Cross-Site Scripting) vulnerability via the right_frame parameter in webmail.php
  http://www.squirrelmail.org/security/issue/2006-02-01

* XSS vulnerability in MagicHTML (IE browser only)
The MagicHTML filter does not correctly ignore comments inside stylesheets, which makes it possible to obtain personal information of the user reading the mail.
  http://www.squirrelmail.org/security/issue/2006-02-10

* IMAP injection vulnerability in the mailbox parameter of sqimap_mailbox_select
  http://www.squirrelmail.org/security/issue/2006-02-15

Related information: http://secunia.com/advisories/18985/

Code:

Secunia Advisory:       SA18985
Release Date:           2006-02-22

Critical:               Less critical
Impact:                 Cross Site Scripting
                        Manipulation of data
Where:                  From remote
Solution Status:        Vendor Patch

Software:               SquirrelMail 1.x


CVE reference:          CVE-2006-0188
                        CVE-2006-0195
                        CVE-2006-0377

Description:
Some vulnerabilities have been reported in SquirrelMail, which can be exploited by malicious users to manipulate certain information and by malicious people to conduct cross-site scripting attacks.

... (omitted) ...