Home > Àüü±â»ç

OpenSSH Client, ¸Þ¸ð¸® Á¤º¸ ³ëÃâ Ãë¾àÁ¡ ¡®ÁÖÀÇ¡¯

ÀÔ·Â : 2016-01-15 17:02
ÆäÀ̽ººÏ º¸³»±â Æ®À§ÅÍ º¸³»±â ³×À̹ö ¹êµå º¸³»±â Ä«Ä«¿À ½ºÅ丮 º¸³»±â ³×À̹ö ºí·Î±× º¸³»±â
OpenSSH Client, ¸Þ¸ð¸® Á¤º¸ ³ëÃâ µî 2°³ÀÇ Ãë¾àÁ¡ ¾÷µ¥ÀÌÆ® ¹ßÇ¥

[º¸¾È´º½º ±è°æ¾Ö] OpenSSH Client¿¡¼­ ¸Þ¸ð¸® Á¤º¸ ³ëÃâ Ãë¾àÁ¡ µî 2°³ÀÇ Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù.

¡ãCVE-2016-0777 Ãë¾àÁ¡ ¿ä¾à È­¸é(Ãâó: NIST)


ÇØ´ç Ãë¾àÁ¡Àº roamin_common.c ¾ÈÀÇ resend_bytes ÇÔ¼ö¿¡¼­ ¸Þ¸ð¸® Á¤º¸°¡ ³ëÃâ(Information leak)µÇ´Â Ãë¾àÁ¡(CVE-2016-0777)°ú roamin_common.c ¾ÈÀÇ roamin_read ÇÔ¼ö¿Í roaming_write ÇÔ¼ö¿¡¼­ Èü ¹öÆÛ¿À¹öÇ÷οì(heap-based buffer overflow)°¡ ¹ß»ýÇÏ´Â Ãë¾àÁ¡(CVE-2016-0778)ÀÌ´Ù.

¿µÇâ¹Þ´Â ¹öÀüÀº OpneSSH 5.x, 6.x, 7.x ~ 7.1p1ÀÌ´Ù.

µû¶ó¼­ ³·Àº ¹öÀü »ç¿ëÀÚ´Â OpneSSH 7.1p2 ·Î ¾÷µ¥ÀÌÆ®ÇÏ°í, Roming ±â´ÉÀ» ºñÈ°¼ºÈ­ÇØ¾ß ÇÑ´Ù.

ÀÌ¿Í °ü·Ã Á»´õ ÀÚ¼¼ÇÑ »çÇ×Àº Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ¿¡ ¹®ÀÇ(±¹¹ø ¾øÀÌ 118)ÇÏ¸é µÈ´Ù.

[¿ë¾î ¼³¸í]
¹öÆÛ ¿À¹öÇ÷οì(Buffer Overflow): ƯÁ¤ ÇÁ·Î±×·¥¿¡ ÇÒ´çµÈ ¸Þ¸ð¸® ¿µ¿ªÀ» ÃÊ°úÇÏ´Â Å©±âÀÇ µ¥ÀÌÅ͸¦ ÀԷ½ÃÅ´À¸·Î½á ¹ß»ýÇÏ´Â Ãë¾àÁ¡

[Âü°í»çÀÌÆ®]
http://www.openssh.com/txt/release-7.1p2
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0777
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0778

[±è°æ¾Ö ±âÀÚ(boan3@boannews.com)]

<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>

  •  
  • 0
  • ÆäÀ̽ººÏ º¸³»±â Æ®À§ÅÍ º¸³»±â ³×À̹ö ¹êµå º¸³»±â Ä«Ä«¿À ½ºÅ丮 º¸³»±â ³×À̹ö ºí·Î±× º¸³»±â

  • ¡°
  •  SNS¿¡¼­µµ º¸¾È´º½º¸¦ ¹Þ¾Æº¸¼¼¿ä!! 
  • ¡±
¾Æ½ºÆ®·Ð½ÃÅ¥¸®Æ¼ ÆÄ¿öºñÁî 2023³â2¿ù23ÀÏ ½ÃÀÛ ³Ý¾Øµå ÆÄ¿öºñÁî ÁøÇà 2020³â1¿ù8ÀÏ ½ÃÀÛ~2021³â 1¿ù8ÀϱîÁö À§Áîµð¿£¿¡½º 2018
¼³¹®Á¶»ç
³»³â ȸ»ç¿¡ ²À µµÀÔÇÏ°í ½ÍÀº º¸¾È ¼Ö·ç¼Ç ¶Ç´Â Ç÷§ÆûÀº ¹«¾ùÀΰ¡¿ä?
XDR
EDR
AI º¸¾È
Á¦·ÎÆ®·¯½ºÆ®
°ø±Þ¸Á º¸¾È ü°è(SBOM)
Ŭ¶ó¿ìµå º¸¾È ¼Ö·ç¼Ç
±âŸ(´ñ±Û·Î)