*NIX with the aroma of coffee
Coffeenix
A place that covers systems, networking and security
truefeel (cafe administrator)
Joined: July 24, 2003 Posts: 1277 Location: Republic of Korea
Posted: 2009.8.21 Fri, 10:25 pm Subject: 8.20~21 Coffeenix talk (security, vulnerabilities, Flash cookies, etc.)

I summarized personal information encryption, the results of the first-half 2009 survey of 'malware removal programs', the characteristics of Flash cookies and how to delete them, and various vulnerabilities. Only the 'security' topics from the 8.20 (Thu)~21 (Fri) Coffeenix talk are summarized.
1. Discussion of personal information encryption
1) DB security solution (encryption + DB access control)
2) Encryption/decryption in the program
3) Encryption/decryption at the DB gate tier
2. Results of the first-half 2009 survey of 'malware removal programs'
3. Comtrue Technology signs a CC certification contract for DDoSCop
4. Vulnerabilities
Quote:
A remote user can send specially crafted HTTP header values that use a comma character as a delimiter to cause the strListGetItem() function in 'src/HttpHeaderTools.c' to enter an infinite loop and consume all available CPU resources.
2) PHP "mail.log" Configuration Option "open_basedir" Restriction Bypass. PHP version 5.3.0 is affected.
http://www.securityfocus.com/bid/36007
3) Solaris sendfile and sendfilev Flaw Lets Local Users Deny Service
4) Vulnerabilities recently posted on milw0rm.com (the milw0rm site is currently unreachable, so I am listing them once more.)
Linux Kernel 2.x sock_sendpage() Local Root Exploi... - 2009-08-18
VUPlayer <= 2.49 (.m3u File) Universal Buffer Over... - 2009-08-18
asaher pro 1.0.4 Remote Database Backup Vulnerabil... - 2009-08-18
Traidnt UP 2.0 Remote SQL Injection Exploit - 2009-08-18
ZTE ZXDSL 831 II Modem Arbitrary Configuration Acc... - 2009-08-18
Best Dating Script Arbitrary Shell Upload Vulnerab... - 2009-08-18
5. Top websites using Flash cookies to track user behavior
http://www.scmagazineus.com/top-websites-using-flash-cookies-to-track-user-behavior/article/141486/
Quote:
Unlike traditional HTTP cookies, Flash cookies are not controlled by the browser, so erasing HTTP cookies does not erase Flash cookies – enabling some websites, particularly advertising networks wishing to track users' browsing habits, to deter users' efforts to avoid being tracked, according to the report.
Flash cookies cannot be controlled from the browser, and deleting HTTP cookies does not erase Flash cookies. So websites want to track users' browsing habits, and they can use exactly these Flash cookies to do it.
- Deleting Flash cookies (Adobe's Flash Player settings manager)
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
6. milw0rm.com is still unreachable as of 18:00 on the 21st. (It was also unreachable in the early hours of the 20th.)
7. CSRF tool: http://wocares.com/pf3.php
※ Participants: sCag, 좋은진호, 티니, 웃는남자, 범냉이, and others
truefeel (cafe administrator)
Joined: July 24, 2003 Posts: 1277 Location: Republic of Korea
Posted: 2009.8.23 Sun, 2:18 am Subject: Re: milw0rm.com is reachable now.

truefeel wrote:
4) Vulnerabilities recently posted on milw0rm.com (the milw0rm site is currently unreachable, so I am listing them once more.)
Linux Kernel 2.x sock_sendpage() Local Root Exploi... - 2009-08-18
VUPlayer <= 2.49 (.m3u File) Universal Buffer Over... - 2009-08-18
asaher pro 1.0.4 Remote Database Backup Vulnerabil... - 2009-08-18
Traidnt UP 2.0 Remote SQL Injection Exploit - 2009-08-18
ZTE ZXDSL 831 II Modem Arbitrary Configuration Acc... - 2009-08-18
Best Dating Script Arbitrary Shell Upload Vulnerab... - 2009-08-18
... omitted ...
6. milw0rm.com is still unreachable as of 18:00 on the 21st. (It was also unreachable in the early hours of the 20th.)

The http://www.milw0rm.com/ site, which had been unreachable since at least the early hours of the 20th our time, was reachable when I tried it at 01:00 AM on the 23rd (Sun). It looks like it came under a DDoS attack and the entire /24 network was blocked.
I had kept the DNS information from when it was unreachable, so I compared the IPs, and the IP has changed.
* IP from the 20th until it became reachable: 76.74.9.18
* Current IP: 66.227.17.18
As the July schedule on 'Can Coffee' ( http://can.coffeenix.net/ ) also shows, the milw0rm site closed once on July 8 as well and reopened normally on the 10th. This has been happening often lately.
Also, when milw0rm is unreachable, use inj3ct0r.com (Twitter: http://twitter.com/inj3ct0r) as a temporary alternative.