CISCO¿Í BIND Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í
.jpg)
[º¸¾È´º½º ¿øº´Ã¶ ±âÀÚ] À©µµ¿ì Ãë¾àÁ¡ ¹®Á¦·Î ±¸±Û°ú MS°¡ ¾Æ¿õ´Ù¿õÇÏ´Â »çÀÌ Cisco¿Í BIND Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ®°¡ ±Ç°íµÆ´Ù. Cisco´Â ÀÚ»ç Á¦Ç°±º Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ISC´Â BINDÀÇ ÀÚµ¿ ¾÷µ¥ÀÌÆ® °ÅºÎ Ãë¾àÁ¡ ¾÷µ¥ÀÌÆ®¸¦ °¢°¢ ¹ßÇ¥Çß´Ù.
ÇØ´ç Ãë¾àÁ¡ ÅëÇØ ¿ø°ÝÄÚµå ½ÇÇà, ¼ºñ½º °ÅºÎ µî °ø°Ý °¡´É
Cisco´Â ÀÚ»çÀÇ Á¦Ç°¿¡ ¿µÇâÀ» ÁÖ´Â Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. Cisco¿¡ µû¸£¸é °ø°ÝÀÚ´Â ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇØ ¿ø°ÝÄÚµå ½ÇÇà, ¼ºñ½º °ÅºÎ µîÀÇ ÇÇÇظ¦ ¹ß»ý½Ãų ¼ö ÀÖ¾î ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®¸¦ ±Ç°íÇÏ°í ÀÖ´Ù.
À̹ø ¾÷µ¥ÀÌÆ®¿¡¼ Cisco´Â ¡âCisco ASR 900 ½Ã¸®Áî ¶ó¿ìÅÍ¿¡¼ ¹ß»ýÇÏ´Â ¹öÆÛ¿À¹öÇ÷οì Ãë¾àÁ¡(CVE-2016-6441), ¡âCisco PRIME HOMEÀÇ GUI¿¡¼ ¹ß»ýÇÏ´Â ÀÎÁõ ¿ìȸ Ãë¾àÁ¡(CVE-2016-6452), ¡â Cisco Meeting ServerÀÇ SDP¿¡¼ ¹ß»ýµÇ´Â ¹öÆÛ¿À¹öÇ÷ο츦 ÅëÇØ ¿ø°Ý ÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡(CVE-2016-6448), ¡âCisco Meeting Server ¹× Meeting App¿¡¼ ¹ß»ýÇÏ´Â ¹öÆÛ¾ð´õÇ÷οì Ãë¾àÁ¡(CVE-2016-6447), ¡â·¹À̽º ÄÁµð¼ÇÀ» ÀÌ¿ëÇÏ¿© ¸®´ª½º Ä¿³Î Read-only ¿µ¿ª ¸Þ¸ð¸®¿¡ ¾²±â ±ÇÇÑÀ» ºÎ¿©ÇÏ´Â Ãë¾àÁ¡(CVE-2016-5195), ¡âCisco TelePresence¿¡¼ ¹ß»ýÇÏ´Â Ä¿¸Çµå ÀÎÁ§¼Ç Ãë¾àÁ¡(CVE-2016-6459), ¡âCisco Nexus 9000 ACI¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2016-6457), ¡âCisco ESA¿¡¼ ¹ß»ýÇÏ´Â RAR ÷ºÎ ÆÄÀÏ °ËÁõ ¿ìȸ Ãë¾àÁ¡(CVE-2016-6458), ¡âCisco DPC2 ASR 5500 ¶ó¿ìÅÍ¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2016-6455), ¡âCisco ESA ¹× WSA¿¡¼ JAR ÆÄÀÏ °ËÁõ ¿À·ù·Î ÀÎÇÑ ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2016-6360) µî ÃÑ 10°³ Ãë¾àÁ¡ ¾÷µ¥ÀÌÆ®¸¦ °ø°³Çß´Ù.
Cisco´Â Ãë¾àÁ¡ÀÌ ¹ß»ýÇÑ Cisco ¼ÒÇÁÆ®¿þ¾î°¡ ¼³Ä¡µÈ Cisco ÀåºñÀÇ ¿î¿µÀÚ´Â ÇØ´ç»çÀÌÆ®¿¡ ¸í½ÃµÇ¾î ÀÖ´Â ¡®Affected Products¡¯ ³»¿ëÀ» È®ÀÎÇÏ¿© ÆÐÄ¡ Àû¿ëÇ϶ó°í ±Ç°íÇß´Ù.
[Âü°í»çÀÌÆ®]
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tl1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3
DNAME ·¹ÄÚµå ó¸® °úÁ¤¿¡¼ ¼ºñ½º °ÅºÎ À¯¹ß
ISCµµ BIND¿¡¼ ¹ß»ýÇÏ´Â ¿ø°Ý ¼ºñ½º °ÅºÎ(Denial of Service) Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. ¾÷µ¥ÀÌÆ®¿¡ µû¸£¸é, DNAME ·¹Äڵ带 ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¼ºñ½º °ÅºÎ¸¦ À¯¹ßÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡(CVE-2016-8864)ÀÌ ¹ß°ßµÆÀ¸¸ç, ¡âBIND 9.0.x~9.8.x ¡âBIND 9.9.0~9.9.9-P3 ¡âBIND 9.9.3-S1~9.9.9-S5 ¡âBIND 9.10.0~9.10.4-P3 ¡âBIND 9.11.0 µîÀÌ ¿µÇâÀ» ¹Þ´Â´Ù.
ÇØ°á ¹æ¾ÈÀ¸·Î´Â ¡âBIND 9 ¹öÀü 9.9.9-P4·Î ¾÷µ¥ÀÌÆ® ¡âBIND 9 ¹öÀü 9.10.4-P4·Î ¾÷µ¥ÀÌÆ® ¡âBIND 9 ¹öÀü 9.11.0-P1·Î ¾÷µ¥ÀÌÆ®ÇÏ¸é µÈ´Ù.
[Âü°í»çÀÌÆ®]
https://kb.isc.org/article/AA-01434/0%20(ISC)
[¿øº´Ã¶ ±âÀÚ(boanone@boannews.com)]
ÇØ´ç Ãë¾àÁ¡ ÅëÇØ ¿ø°ÝÄÚµå ½ÇÇà, ¼ºñ½º °ÅºÎ µî °ø°Ý °¡´É
Cisco´Â ÀÚ»çÀÇ Á¦Ç°¿¡ ¿µÇâÀ» ÁÖ´Â Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. Cisco¿¡ µû¸£¸é °ø°ÝÀÚ´Â ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇØ ¿ø°ÝÄÚµå ½ÇÇà, ¼ºñ½º °ÅºÎ µîÀÇ ÇÇÇظ¦ ¹ß»ý½Ãų ¼ö ÀÖ¾î ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®¸¦ ±Ç°íÇÏ°í ÀÖ´Ù.
À̹ø ¾÷µ¥ÀÌÆ®¿¡¼ Cisco´Â ¡âCisco ASR 900 ½Ã¸®Áî ¶ó¿ìÅÍ¿¡¼ ¹ß»ýÇÏ´Â ¹öÆÛ¿À¹öÇ÷οì Ãë¾àÁ¡(CVE-2016-6441), ¡âCisco PRIME HOMEÀÇ GUI¿¡¼ ¹ß»ýÇÏ´Â ÀÎÁõ ¿ìȸ Ãë¾àÁ¡(CVE-2016-6452), ¡â Cisco Meeting ServerÀÇ SDP¿¡¼ ¹ß»ýµÇ´Â ¹öÆÛ¿À¹öÇ÷ο츦 ÅëÇØ ¿ø°Ý ÄÚµå ½ÇÇàÀÌ °¡´ÉÇÑ Ãë¾àÁ¡(CVE-2016-6448), ¡âCisco Meeting Server ¹× Meeting App¿¡¼ ¹ß»ýÇÏ´Â ¹öÆÛ¾ð´õÇ÷οì Ãë¾àÁ¡(CVE-2016-6447), ¡â·¹À̽º ÄÁµð¼ÇÀ» ÀÌ¿ëÇÏ¿© ¸®´ª½º Ä¿³Î Read-only ¿µ¿ª ¸Þ¸ð¸®¿¡ ¾²±â ±ÇÇÑÀ» ºÎ¿©ÇÏ´Â Ãë¾àÁ¡(CVE-2016-5195), ¡âCisco TelePresence¿¡¼ ¹ß»ýÇÏ´Â Ä¿¸Çµå ÀÎÁ§¼Ç Ãë¾àÁ¡(CVE-2016-6459), ¡âCisco Nexus 9000 ACI¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2016-6457), ¡âCisco ESA¿¡¼ ¹ß»ýÇÏ´Â RAR ÷ºÎ ÆÄÀÏ °ËÁõ ¿ìȸ Ãë¾àÁ¡(CVE-2016-6458), ¡âCisco DPC2 ASR 5500 ¶ó¿ìÅÍ¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2016-6455), ¡âCisco ESA ¹× WSA¿¡¼ JAR ÆÄÀÏ °ËÁõ ¿À·ù·Î ÀÎÇÑ ¼ºñ½º °ÅºÎ Ãë¾àÁ¡(CVE-2016-6360) µî ÃÑ 10°³ Ãë¾àÁ¡ ¾÷µ¥ÀÌÆ®¸¦ °ø°³Çß´Ù.
Cisco´Â Ãë¾àÁ¡ÀÌ ¹ß»ýÇÑ Cisco ¼ÒÇÁÆ®¿þ¾î°¡ ¼³Ä¡µÈ Cisco ÀåºñÀÇ ¿î¿µÀÚ´Â ÇØ´ç»çÀÌÆ®¿¡ ¸í½ÃµÇ¾î ÀÖ´Â ¡®Affected Products¡¯ ³»¿ëÀ» È®ÀÎÇÏ¿© ÆÐÄ¡ Àû¿ëÇ϶ó°í ±Ç°íÇß´Ù.
[Âü°í»çÀÌÆ®]
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tl1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cms
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-linux
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-n9kapic
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-esa
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-asr
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3
DNAME ·¹ÄÚµå ó¸® °úÁ¤¿¡¼ ¼ºñ½º °ÅºÎ À¯¹ß
ISCµµ BIND¿¡¼ ¹ß»ýÇÏ´Â ¿ø°Ý ¼ºñ½º °ÅºÎ(Denial of Service) Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. ¾÷µ¥ÀÌÆ®¿¡ µû¸£¸é, DNAME ·¹Äڵ带 ó¸®ÇÏ´Â °úÁ¤¿¡¼ ¼ºñ½º °ÅºÎ¸¦ À¯¹ßÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡(CVE-2016-8864)ÀÌ ¹ß°ßµÆÀ¸¸ç, ¡âBIND 9.0.x~9.8.x ¡âBIND 9.9.0~9.9.9-P3 ¡âBIND 9.9.3-S1~9.9.9-S5 ¡âBIND 9.10.0~9.10.4-P3 ¡âBIND 9.11.0 µîÀÌ ¿µÇâÀ» ¹Þ´Â´Ù.
ÇØ°á ¹æ¾ÈÀ¸·Î´Â ¡âBIND 9 ¹öÀü 9.9.9-P4·Î ¾÷µ¥ÀÌÆ® ¡âBIND 9 ¹öÀü 9.10.4-P4·Î ¾÷µ¥ÀÌÆ® ¡âBIND 9 ¹öÀü 9.11.0-P1·Î ¾÷µ¥ÀÌÆ®ÇÏ¸é µÈ´Ù.
[Âü°í»çÀÌÆ®]
https://kb.isc.org/article/AA-01434/0%20(ISC)
[¿øº´Ã¶ ±âÀÚ(boanone@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>
¿øº´Ã¶±âÀÚ ±â»çº¸±â
[2024-10-31] .jpg)
