MENU MENU
CISO News
HOME > CISO News > ÃֽŴº½º
 |
 |
 |
 |
 |
 |
 |
ÃֽŴº½º
| Samba ¼ÒÇÁÆ®¿þ¾î, ºñ¹Ð¹øÈ£ º¯°æ °¡´É Ãë¾àÁ¡ ¹ß°ß | 2018.03.20 |
¼ºñ½º °ÅºÎ ¹× ºñ¹Ð¹øÈ£ º¯°æ °¡´É Ãë¾àÁ¡ ¹ß°ß...³·Àº ¹öÀü ¾÷µ¥ÀÌÆ® ÇÊ¿ä [º¸¾È´º½º ±è°æ¾Ö ±âÀÚ] Samba ¼ÒÇÁÆ®¿þ¾î¿¡¼ Ãë¾àÁ¡ÀÌ ¹ß°ßµÅ ÀÌ¿ëÀÚµéÀÇ ÁÖÀÇ°¡ ¿ä±¸µÈ´Ù. µû¶ó¼ ³·Àº ¹öÀü »ç¿ëÀÚ´Â ¼ºñ½º °ÅºÎ, Æнº¿öµå º¯°æ °ø°Ý¿¡ Ãë¾àÇϹǷÎ, ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®ÇÏ´Â °ÍÀÌ ¹Ù¶÷Á÷ÇÏ´Ù.  ¡ãCVE-2018-1050 Ãë¾àÁ¡[À̹ÌÁö=samba »çÀÌÆ®] À̹ø¿¡ ¹ß°ßµÈ Ãë¾àÁ¡Àº RPC ½ºÇ® ¼ºñ½º°¡ ¿ÜºÎ µ¥¸óÀ¸·Î ½ÇÇàµÇµµ·Ï ±¸¼ºµÈ °æ¿ì, À̸¦ È£ÃâÇÏ´Â °úÁ¤¿¡¼ ÀԷ°ª¿¡ ´ëÇÑ °ËÁõ ¹ÌÈíÀ¸·Î Àμ⠽ºÇ®·¯ ¼ºñ½º°¡ Áß´ÜµÉ ¼ö ÀÖ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2018-1050)[1]°ú Samba4 Active Directory Domain ControllerÀÇ LDAP ¼¹ö¿¡¼ ±ÇÇÑ °ËÁõÀÌ ¹ÌÈíÇÏ¿© ´Ù¸¥ »ç¿ëÀÚÀÇ ºñ¹Ð¹øÈ£¸¦ º¯°æÇÒ¼ö ÀÖ´Â Ãë¾àÁ¡(CVE-2018-1057)[2]ÀÌ´Ù. ¿µÇâÀ» ¹Þ´Â Á¦Ç°Àº 4.7.5 ¹× ÀÌÀü ¹öÀü, 4.6.13 ¹× ÀÌÀü ¹öÀü, 4.5.15 ¹× ÀÌÀü ¹öÀü, .4.x, 4.3.x, 4.2.x, 4.1.x, 4.0.x ¹öÀüÀÌ´Ù. ÀÌ¿¡ µû¶ó Samba 4.7.x ¹öÀüÀº Samba 4.7.6 ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®ÇØ¾ß ÇÏ°í, Samba 4.6.x ¹öÀüÀº Samba 4.6.14 ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®ÇØ¾ß ÇÑ´Ù. ¶ÇÇÑ, Samba 4.5.x ¹öÀüÀº Samba 4.5.16 ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®¸¦ Àû¿ëÇØ¾ß ÇÑ´Ù. ÀÚ¼¼ÇÑ »çÇ×Àº Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ(±¹¹ø¾øÀÌ 118)¿¡ ¹®ÀÇÇÏ¸é µÈ´Ù. [Âü°í»çÀÌÆ®] [1] https://www.samba.org/samba/security/CVE-2018-1050.html [2] https://www.samba.org/samba/security/CVE-2018-1057.html [3] https://www.samba.org/samba/history/samba-4.7.6.html [4] https://www.samba.org/samba/history/samba-4.6.14.html [5] https://www.samba.org/samba/history/samba-4.5.16.html [±è°æ¾Ö ±âÀÚ(boan3@boannews.com)] <ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö> |
|
 |
ÁÖ¿ä ȸ¿ø»ç
