
Security vulnerability patching continues in the new year!

Posted: 2017-02-03 10:15
Cisco, WordPress and Brave browser announce security updates

[Boannews, reporter Won Byung-chul] Security updates continue in the new year. Cisco, WordPress and the Brave browser have released security updates that patch vulnerabilities. Because attackers can use these vulnerabilities to mount attacks, users of the affected products should make sure to update.

Cisco multiple-vulnerability security update advisory
Cisco has released security updates that resolve vulnerabilities affecting its products. Attackers could exploit these vulnerabilities to cause damage such as privilege escalation and denial of service, so updating to the latest version is recommended. Operators of Cisco equipment running the vulnerable Cisco software should check the 'Affected Products' section of the relevant advisory pages and apply the patches.

Security update details
· Denial-of-service vulnerability in the Common Industrial Protocol of Cisco Industrial Ethernet 2000 Series switches (CVE-2017-3812)
· URL redirect vulnerability in the web framework of Cisco Prime Service Catalog (CVE-2017-3810)
· Privilege escalation vulnerability in the web-based GUI of Cisco Prime Home (CVE-2017-3791)
· Log record tampering vulnerability in the logging system of Cisco Firepower Device Manager (FDM) (CVE-2017-3822)
· Security feature bypass vulnerability in the Cisco Firepower system (CVE-2017-3814)
· System command execution vulnerability in the command processing module of the Cisco Firepower 4100 Series Next-Generation Firewall (NGFW) and Firepower 9300 Security Appliance (CVE-2017-3806)
· Policy module spoofing vulnerability in Cisco Firepower Management Center (FMC) (CVE-2017-3809)
· Authentication bypass vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS software for Cisco Email Security Appliances (ESA) (CVE-2017-3818)
· Denial-of-service vulnerability in Cisco cBR Series Converged Broadband routers (CVE-2017-3824)
· Denial-of-service vulnerability in the SNMP function of Cisco ASR 1000 Series Aggregation Services Routers running Cisco IOS XE software (CVE-2017-3820)

[References]
[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc1
[2] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc
[3] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home
[4] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw2
[5] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw1
[6] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fpw
[7] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-fmc
[8] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-esa1
[9] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-cbr
[10] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-asrsnmp

WordPress security update advisory
WordPress, the website-building tool, has released a security update that resolves a total of four kinds of vulnerabilities: weak authentication, an SQL injection vulnerability, a cross-site scripting vulnerability and a privilege escalation vulnerability. WordPress advised users of affected versions to update to the latest version.

The affected software is WordPress v4.7.1 and earlier; the fix is to install the latest version of the software (Dashboard – Updates – click Update Now).

▲ How to update WordPress


[References]
https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/

Security vulnerability found in the Brave browser
The open-source Brave browser is known for its range of security features, such as ad blocking, cookie-tracking prevention and pixel-tracking prevention. The ALYac blog reported that a vulnerability has been found in the Brave browser. The vulnerability can be used to tamper with web pages, and through such an attack an attacker can carry out malicious activity such as stealing user information or distributing malware.

A security researcher wrote HTML code (bravespoof.html) to spoof the Brave browser's address bar and built a phishing page containing a login form. The page uses a function f() to redirect to https://facebook.com, and uses the setInterval function to run f() every 10 ms.

Under normal circumstances, when a user visits such a page, both the URL and the page are redirected to https://facebook.com every 10 ms. When the page is opened in a vulnerable Brave browser, however, the following happens.

When a Brave user on Android or iOS visits the crafted web page, the URL is redirected to https://facebook.com (and the browser address bar is shown in green), but the content displayed is still the crafted web page. This means that a user who judges a page's security and legitimacy by the address bar is likely to enter personal information into the phishing page the attacker has set up.

▲ The crafted web page (image source: http://securityaffairs.co)
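
The redirect pattern described above (a function that navigates to another site, run by setInterval every 10 ms) can be flagged statically when triaging a suspicious page. The following is an added example, not code from the article or from the researcher; the function names, the 1000 ms threshold and both sample pages are assumptions, and the heuristic only covers named functions in inline scripts.

```javascript
// Static heuristic: flag inline scripts that use setInterval with a short delay
// to repeatedly navigate to a different origin. All names here are hypothetical.

// Navigation to a literal URL: location = "...", location.href = "...", location.replace("...")
const NAV_RE = /(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']|location\.(?:replace|assign)\(\s*["']([^"']+)["']/;

function inlineScripts(html) {
  return [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)].map(m => m[1]);
}

function navigatingFunctions(js) {
  // Map each named function whose (brace-free) body navigates -> its target URL.
  const out = new Map();
  for (const m of js.matchAll(/function\s+(\w+)\s*\([^)]*\)\s*\{([^}]*)\}/g)) {
    const nav = NAV_RE.exec(m[2]);
    if (nav) out.set(m[1], nav[1] || nav[2]);
  }
  return out;
}

function findTimerRedirects(html, pageUrl, maxDelayMs = 1000) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const js of inlineScripts(html)) {
    const navFns = navigatingFunctions(js);
    // Handles setInterval(f, 10), setInterval("f()", 10) and setInterval('f()', 10).
    for (const m of js.matchAll(/setInterval\(\s*["']?(\w+)(?:\(\))?["']?\s*,\s*(\d+)\s*\)/g)) {
      const target = navFns.get(m[1]);
      const delayMs = Number(m[2]);
      if (!target || delayMs > maxDelayMs) continue;
      const targetOrigin = new URL(target, pageUrl).origin;
      if (targetOrigin !== pageOrigin) findings.push({ fn: m[1], delayMs, targetOrigin });
    }
  }
  return findings;
}

// Constructed sample pages (not the researcher's file): one matching the described pattern, one benign.
const SUSPECT = `<form>login form here</form><script>
function f() { location = "https://facebook.com"; }
setInterval("f()", 10);
</script>`;
const BENIGN = `<script>
function refresh() { location.href = "/dashboard"; }
setInterval(refresh, 60000);
</script>`;

console.log(findTimerRedirects(SUSPECT, "https://untrusted.example/bravespoof.html"));
console.log(findTimerRedirects(BENIGN, "https://app.example/home"));
```

A hit is a triage signal, not a verdict: on a patched browser the same script simply navigates away, so the finding matters most when the page also presents a login form.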


So how do other browsers react? Tests on the Chrome, Mozilla and Safari browsers confirmed that the URL does not change and that both the URL and the web page remain on the phishing site built by the security researcher.

The affected browser versions are iOS Version 1.2.16 (16.09.30.10) and Android Version 1.9.56; the fix is to update to the latest version.
[Reporter Won Byung-chul (boanone@boannews.com)]

<Copyright: Boannews (www.boannews.com). Unauthorized reproduction and redistribution prohibited>
