CVE-2015-8676, CVE-2015-8677
[º¸¾È´º½º ¹®°¡¿ë] ÇöÁö ½Ã°¢À¸·Î 4¿ù 14ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 14ÀÏ¿¡¼ 15ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÌ´Ù.
1. CVE-2011-4600
libvirt 0.9.9 ÀÌÀü ¹öÀüÀÇ network/bridge_driver.c¿¡ ÀÖ´Â networkReloadIptablesRules ÇÔ¼ö¿¡ ÀÖ´Â Ãë¾àÁ¡À¸·Î libvirt¸¦ ´Ù½Ã ½ÃÀÛÇÒ ¶§ ¹æȺ® ±ÔÄ¢À» Àß Ã³¸®ÇÏÁö ¾Ê´Â´Ù. ÀÌ·Î½á ¿ø°ÝÀÇ °ø°ÝÀÚ°¡ Á¢±Ù Á¦ÇÑ ÀåÄ¡¸¦ DNS Äõ¸® ¹× DHCP Äõ¸®¸¦ ÅëÇÏ¿© ¿ìȸÇÒ ¼ö ÀÖ°Ô µÈ´Ù.
2. CVE-2015-5247
libvirt 1.2.14~1.2.19 ¹öÀü¿¡ ÀÖ´Â virStorageVolCreateXML APIÀÇ Ãë¾àÁ¡À¸·Î ¿ø°Ý¿¡¼ ½ÂÀÎµÈ »ç¿ëÀÚ°¡ root_squash NFS Ç®¿¡ º¼·ýÀ» ¸¸µç ÈÄ ¸µÅ© ÇØÁ¦¸¦ ½ÇÆÐÇÔÀ¸·Î½á DoS °ø°ÝÀ» ÇÒ ¼ö ÀÖ°Ô µÈ´Ù.
3. CVE-2015-8336
Huawei FusionCompute ¼ÒÇÁÆ®¿þ¾î V100R005C10SPC700 ÀÌÀü ¹öÀü¿¡ ÀÖ´Â Ãë¾àÁ¡À¸·Î ¿ø°Ý¿¡¼ ½ÂÀÎµÈ »ç¿ëÀÚ°¡ ¹Î°¨ÇÑ Á¤º¸¸¦ ¾òÀ» ¼ö ÀÖ°Ô ÇØÁØ´Ù.
4. CVE-2015-8676
- Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI,
- S5300LI Campus ½Ã¸®Áî ½ºÀ§Ä¡ ¼ÒÇÁÆ®¿þ¾î V200R001SPH018 ÀÌÀüÀÇ V200R001C00 ¹öÀü, V200R003SPH011 ÀÌÀüÀÇ V200R002C00 ¹öÀü, V200R003SPH011 ÀÌÀüÀÇ V200R003C00 ¹öÀü,
- S9300, S7700, S9700 Campus ½Ã¸®Áî ½ºÀ§Ä¡ ¼ÒÇÁÆ®¿þ¾î V200R001SPH023 ÀÌÀü V200R001C00 ¹öÀü, V200R003SPH011 ÀÌÀü V200R002C00 ¹öÀü, V200R003SPH011 ÀÌÀü V200R003C00 ¹öÀü,
- S2300, S3300 Campus ½Ã¸®Áî ½ºÀ§Ä¡ ¼ÒÇÁÆ®¿þ¾î V100R006SPH022 ÀÌÀü V100R006C05 ¹öÀü¿¡ ÀÖ´Â Ãë¾àÁ¡À¸·Î ¿ø°ÝÀÇ °ø°ÝÀÚ°¡ ICMPv6 ÆÐŶ ¾çÀ» ¾öû³ª°Ô ´Ã·Á DoS °ø°ÝÀ» ÇÒ ¼ö ÀÖ°Ô µÈ´Ù.
5. CVE-2015-8677
- Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI,
- S5300LI Campus ½Ã¸®Áî ½ºÀ§Ä¡ ¼ÒÇÁÆ®¿þ¾î V200R001SPH018 ÀÌÀüÀÇ V200R001C00 ¹öÀü, V200R003SPH011 ÀÌÀüÀÇ V200R002C00 ¹öÀü, V200R003SPH011 ÀÌÀüÀÇ V200R003C00 ¹öÀü,
- S9300, S7700, S9700 Campus ½Ã¸®Áî ½ºÀ§Ä¡ ¼ÒÇÁÆ®¿þ¾î V200R001SPH023 ÀÌÀü V200R001C00 ¹öÀü, V200R003SPH011 ÀÌÀü V200R002C00 ¹öÀü, V200R003SPH011 ÀÌÀü V200R003C00 ¹öÀü,
- S2300, S3300 Campus ½Ã¸®Áî ½ºÀ§Ä¡ ¼ÒÇÁÆ®¿þ¾î V100R006SPH022 ÀÌÀü V100R006C05 ¹öÀü¿¡ ÀÖ´Â ¸Þ¸ð¸® ³ëÃâ Ãë¾àÁ¡À¸·Î ¿ø°Ý¿¡¼ ½ÂÀÎµÈ »ç¿ëÀÚ°¡ HTTPS ¹× SFTP ¼¹ö¿¡ ·Î±×ÀÎÇÏ°í °ð¹Ù·Î ¾Æ ·Î±×¾Æ¿ôÇÏ´Â °É ¹Ýº¹ÇÔÀ¸·Î½á DoS °ø°ÝÀÌ °¡´ÉÇØÁø´Ù.
[±¹Á¦ºÎ ¹®°¡¿ë ±âÀÚ(globoan@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>