Updates released for vulnerability that allows arbitrary code execution on other virtual machines
[Boannews, Min Se-ah] Additional security updates have been released that resolve a vulnerability in the floppy disk controller of virtual machines.
CrowdStrike (Crowdstrike) discovered a 'vulnerability that allows escape from a virtual machine' in the virtual machine floppy disk controller of QEMU, a type of virtualization software, and announced it under the name VENOM (Virtualized Environment Neglected Operations Manipulation).
The vulnerability (CVE-2015-3456) makes it possible to escape a virtual machine and execute arbitrary code on other virtual machines by overflowing a parameter value of specified length in the virtual floppy disk controller.
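A simplified model of the bug class described above, in which guest-supplied parameter bytes overrun a fixed-length controller buffer, beside a bounded version. This is an added example, not QEMU's code or the code of any vendor fix; the structure, names, sizes and sample byte are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIFO_LEN 512   /* constructed buffer size for this model */
#define ADJ_LEN  16    /* stand-in for whatever is stored after the buffer */

struct fdc_model {
    uint8_t  mem[FIFO_LEN + ADJ_LEN]; /* [0, FIFO_LEN) is the FIFO, the rest is adjacent state */
    uint32_t data_pos;                /* write index advanced by every guest byte */
};

/* Unchecked path: assumes a command handler always resets data_pos in time. */
static void write_unchecked(struct fdc_model *d, uint8_t v) {
    if (d->data_pos < sizeof d->mem)  /* guard only keeps the model itself well-defined */
        d->mem[d->data_pos] = v;
    d->data_pos++;
}

/* Bounded path: the index is forced inside the FIFO on every access. */
static void write_bounded(struct fdc_model *d, uint8_t v) {
    uint32_t pos = d->data_pos++ % FIFO_LEN;
    d->mem[pos] = v;
}

/* Number of bytes past the FIFO that were modified. */
static int adjacent_corrupted(const struct fdc_model *d) {
    int n = 0;
    for (int i = 0; i < ADJ_LEN; i++)
        n += d->mem[FIFO_LEN + i] != 0;
    return n;
}

/* Feed n guest-supplied parameter bytes through one write path. */
static int feed(void (*w)(struct fdc_model *, uint8_t), size_t n) {
    struct fdc_model d;
    memset(&d, 0, sizeof d);
    for (size_t i = 0; i < n; i++)
        w(&d, 0x41);                  /* constructed sample byte */
    return adjacent_corrupted(&d);
}

int main(void) {
    printf("unchecked, 520 bytes: %d adjacent bytes overwritten\n", feed(write_unchecked, 520));
    printf("bounded,   520 bytes: %d adjacent bytes overwritten\n", feed(write_bounded, 520));
    return 0;
}
```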
Users of older virtual machine versions may therefore be vulnerable to malware infection, and are advised to update to the latest version according to the remediation guidance.
The affected software is QEMU, Xen, KVM and VirtualBox (Oracle). VMware, Microsoft Hyper-V and Bochs hypervisors are not affected by the vulnerability.
System administrators who use clients of the affected software can resolve the vulnerability by applying the security updates described in the following reference sites.
- QEMU[1], Xen Project[2], Red Hat[3], Citrix[4], FireEye[5], Linode[6]
- Rackspace[7], Ubuntu[8], Debian[9], Suse[10], DigitalOcean[11], f5[12]
- Joyent[13], Liquid Web[14], UpCloud[15], Amazon[16], Oracle[17]
- Barracuda Networks[18]
For other inquiries on this matter, check the reference sites below or contact the Korea Internet & Security Agency (KISA) Internet Incident Response Center (dial 118, no area code).
[Reference sites]
1. http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c
2. http://xenbits.xen.org/xsa/advisory-133.html
3. https://access.redhat.com/articles/1444903
4. http://support.citrix.com/article/CTX201078
5. https://www.fireeye.com/content/dam/fireeye-www/support/pdfs/fireeye-venom-vulnerability.pdf
6. https://blog.linode.com/2015/05/13/venom-cve-2015-3456-vulnerability-and-linode/
7. https://community.rackspace.com/general/f/53/t/5187
8. http://www.ubuntu.com/usn/usn-2608-1/
9. https://security-tracker.debian.org/tracker/CVE-2015-3456
10. https://www.suse.com/support/kb/doc.php?id=7016497
11. https://www.digitalocean.com/company/blog/update-on-CVE-2015-3456/
12. https://support.f5.com/kb/en-us/solutions/public/16000/600/sol16620.html
13. https://help.joyent.com/entries/68099220-Security-Advisory-on-Venom-CVE-2015-3456-in-KVM-QEMU
14. http://www.liquidweb.com/kb/information-on-cve-2015-3456-qemu-vulnerability-venom/
15. http://status.upcloud.com/incidents/tt05z2340wws
16. http://aws.amazon.com/security/security-bulletins/XSA_Security_Advisory_CVE_2015_3456/
17. http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
18. https://community.barracudanetworks.com/forum/index.php?/topic/25582-cve-2015-3456-venom-vulnerability/?p=71567
[Reporter Min Se-ah (boan5@boannews.com)]
<Copyright: Boannews (http://www.boannews.com/). Unauthorized reproduction and redistribution prohibited>