Title: Linux Ghost Vulnerability Security Update Advisory
Author: Administrator ( se@hhosting.co.kr )  Posted: 2015-01-29 15:59:54  Views: 20371
□ Overview

o US-CERT in the United States announced that a vulnerability (CVE-2015-0235) allowing arbitrary code execution has been found in the Linux GNU C Library (glibc)

※ CVE-2015-0235 is a buffer overflow vulnerability that occurs while the library processes the gethostbyname() function

※ GNU C Library: software used by default on Linux-family operating systems


□ Vulnerability Details

o Incorrect memory use in a specific library function (__nss_hostname_digits_dots()) causes an overflow, which makes it possible to change the program's execution flow

※ __nss_hostname_digits_dots() function: a function called internally whenever gethostbyname(), the function used to convert a domain address to an IP address, is called


□ Affected Systems

o Systems affected

- All Linux systems with glibc versions 2.2~2.17


□ Remediation

o Systems using a vulnerable version of the library should update to a later version

※ If an executable was compiled with a vulnerable version of the library included, it must be recompiled with the later version of the library and reinstalled

o Apply the security update by following the reference sites below

- CentOS [1]
- Debian [2]
- Redhat [3]
- Ubuntu [4]
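
The following triage script is an added example, not part of the original advisory: it checks the running glibc against the affected range 2.2~2.17 and lists statically linked executables, which are the candidates for the recompilation noted above. An in-range result is only a prompt to check the vendor advisory, because distributions can ship a fixed package that still reports an in-range upstream version. The script name `ghost_triage.sh` and the default directory `/usr/local/bin` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): triage a host against the
# advisory's affected range, glibc 2.2~2.17, and list static binaries.

# Return 0 if the version in "$1" ("2.17", "2.12.1", "glibc 2.17") lies in
# 2.2..2.17, 1 if it is outside, 2 if it cannot be parsed.
glibc_in_advisory_range() {
    ver=${1##* }                      # drop a leading "glibc " label
    major=${ver%%.*}
    rest=${ver#*.}
    [ "$rest" = "$ver" ] && return 2  # no dot: not a version string
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}           # ignore a package suffix such as "-55"
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -le 17 ]
}

# Report on the glibc this host is running. getconf prints "glibc X.Y" on
# glibc systems and fails on other C libraries.
check_host() {
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null) || {
        echo "UNKNOWN: cannot read the glibc version on this host"
        return 2
    }
    if glibc_in_advisory_range "$v"; then
        echo "CHECK: $v is in range 2.2~2.17; confirm the vendor's fixed package is installed"
        return 1
    fi
    echo "OK: $v is outside the advisory range"
}

# List statically linked ELF executables under directory "$1". These carry
# their own copy of the C library and are candidates for recompiling; a
# static binary built without glibc will also be listed.
list_static_binaries() {
    command -v file >/dev/null 2>&1 || return 2
    find "$1" -type f -perm -100 -exec file {} + 2>/dev/null |
        grep -E 'ELF.*static(ally|-pie) linked' | cut -d: -f1
}

# Run only when asked, e.g.: sh ghost_triage.sh --check /usr/local/bin
if [ "${1:-}" = "--check" ]; then
    check_host
    list_static_binaries "${2:-/usr/local/bin}"
fi
```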


□ Other Inquiries

o Korea Internet & Security Agency (KISA) Internet Incident Response Center: dial 118 (no area code)


[Reference sites]

[1] http://lists.centos.org/pipermail/centos/2015-January/149413.html
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776391
[3] https://access.redhat.com/articles/1332213
[4] http://www.ubuntu.com/usn/usn-2485-1/
