.jpg)
.jpg)
CVE-2018-1034, CVE-2018-1037, CVE-2018-8116
CVE-2018-8117, CVE-2018-9860
[º¸¾È´º½º ¹®°¡¿ë ±âÀÚ] ÇöÁö ½Ã°¢À¸·Î 4¿ù 11ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 11ÀÏ¿¡¼ 12ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÌ´Ù.
1. CVE-2018-1034
Microsoft SharePoint ServerÀÇ ±ÇÇÑ »ó½Â Ãë¾àÁ¡À¸·Î Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ ¿äûÀ» Á¦´ë·Î °Ë»çÇÏÁö ¾Ê´Â´Ù. CVE-2018-1005, CVE-2018-1014, CVE-2018-1032¿Í´Â ´Ù¸¥ Ãë¾àÁ¡ÀÌ´Ù.
2. CVE-2018-1037
À©µµ¿ì ¸Þ¸ð¸® ³» °´Ã¼ Ãë±Þ ¹æ½Ä¿¡¼ ³ªÅ¸³ª´Â Ãë¾àÁ¡À¸·Î Microsoft Graphics Component Denial of Service Vulnerability¶ó´Â À̸§À¸·Îµµ ¾Ë·ÁÁ® ÀÖ´Ù. À©µµ¿ì 7, À©µµ¿ì ¼¹ö 2012 R2, À©µµ¿ì RT 8.1, À©µµ¿ì ¼¹ö 2008, À©µµ¿ì ¼¹ö 2012, À©µµ¿ì 8.1, À©µµ¿ì ¼¹ö 2016, À©µµ¿ì ¼¹ö 2008 R2, À©µµ¿ì 10, À©µµ¿ì 10 ¼¹ö¿¡ ¿µÇâÀ» ÁØ´Ù.
3. CVE-2018-8116
À©µµ¿ì ¸Þ¸ð¸® ³» °´Ã¼ Ãë±Þ ¹æ½Ä¿¡¼ ³ªÅ¸³ª´Â Ãë¾àÁ¡À¸·Î Microsoft Graphics Component Denial of Service Vulnerability¶ó´Â À̸§À¸·Îµµ ¾Ë·ÁÁ® ÀÖ´Ù. À©µµ¿ì 7, À©µµ¿ì ¼¹ö 2012 R2, À©µµ¿ì RT 8.1, À©µµ¿ì ¼¹ö 2008, À©µµ¿ì ¼¹ö 2012, À©µµ¿ì 8.1, À©µµ¿ì ¼¹ö 2016, À©µµ¿ì ¼¹ö 2008 R2, À©µµ¿ì 10, À©µµ¿ì 10 ¼¹ö¿¡ ¿µÇâÀ» ÁØ´Ù.
4. CVE-2018-8117
Microsoft Wireless Keyboard 850ÀÇ º¸¾È ±â´ÉÀÇ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ AES ¾ÏÈ£È Å°¸¦ Àç»ç¿ëÇØ Å°½ºÆ®·ÎÅ©¸¦ ÀúÀåÇÏ°í Àü¼ÛÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù.
5. CVE-2018-9860
Botan 1.11.32~2.x±îÁö ¹öÀüÀÇ ¿ÀÇÁ¹ÙÀÌ¿ø(off-by-one) ¿À·ù·Î º¯ÇüµÈ TLS-CBC »çÀÌÆÛÅؽºÆ®¸¦ ó¸®ÇÏ´Â °úÁ¤ Áß¿¡ ¹ß»ýÇÑ´Ù.
[±¹Á¦ºÎ ¹®°¡¿ë ±âÀÚ(globoan@boannews.com)]
CVE-2018-8117, CVE-2018-9860
[º¸¾È´º½º ¹®°¡¿ë ±âÀÚ] ÇöÁö ½Ã°¢À¸·Î 4¿ù 11ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 11ÀÏ¿¡¼ 12ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÌ´Ù.
[À̹ÌÁö = iclickart]
1. CVE-2018-1034
Microsoft SharePoint ServerÀÇ ±ÇÇÑ »ó½Â Ãë¾àÁ¡À¸·Î Ư¼öÇÏ°Ô Á¶ÀÛµÈ À¥ ¿äûÀ» Á¦´ë·Î °Ë»çÇÏÁö ¾Ê´Â´Ù. CVE-2018-1005, CVE-2018-1014, CVE-2018-1032¿Í´Â ´Ù¸¥ Ãë¾àÁ¡ÀÌ´Ù.
2. CVE-2018-1037
À©µµ¿ì ¸Þ¸ð¸® ³» °´Ã¼ Ãë±Þ ¹æ½Ä¿¡¼ ³ªÅ¸³ª´Â Ãë¾àÁ¡À¸·Î Microsoft Graphics Component Denial of Service Vulnerability¶ó´Â À̸§À¸·Îµµ ¾Ë·ÁÁ® ÀÖ´Ù. À©µµ¿ì 7, À©µµ¿ì ¼¹ö 2012 R2, À©µµ¿ì RT 8.1, À©µµ¿ì ¼¹ö 2008, À©µµ¿ì ¼¹ö 2012, À©µµ¿ì 8.1, À©µµ¿ì ¼¹ö 2016, À©µµ¿ì ¼¹ö 2008 R2, À©µµ¿ì 10, À©µµ¿ì 10 ¼¹ö¿¡ ¿µÇâÀ» ÁØ´Ù.
3. CVE-2018-8116
À©µµ¿ì ¸Þ¸ð¸® ³» °´Ã¼ Ãë±Þ ¹æ½Ä¿¡¼ ³ªÅ¸³ª´Â Ãë¾àÁ¡À¸·Î Microsoft Graphics Component Denial of Service Vulnerability¶ó´Â À̸§À¸·Îµµ ¾Ë·ÁÁ® ÀÖ´Ù. À©µµ¿ì 7, À©µµ¿ì ¼¹ö 2012 R2, À©µµ¿ì RT 8.1, À©µµ¿ì ¼¹ö 2008, À©µµ¿ì ¼¹ö 2012, À©µµ¿ì 8.1, À©µµ¿ì ¼¹ö 2016, À©µµ¿ì ¼¹ö 2008 R2, À©µµ¿ì 10, À©µµ¿ì 10 ¼¹ö¿¡ ¿µÇâÀ» ÁØ´Ù.
4. CVE-2018-8117
Microsoft Wireless Keyboard 850ÀÇ º¸¾È ±â´ÉÀÇ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ AES ¾ÏÈ£È Å°¸¦ Àç»ç¿ëÇØ Å°½ºÆ®·ÎÅ©¸¦ ÀúÀåÇÏ°í Àü¼ÛÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù.
5. CVE-2018-9860
Botan 1.11.32~2.x±îÁö ¹öÀüÀÇ ¿ÀÇÁ¹ÙÀÌ¿ø(off-by-one) ¿À·ù·Î º¯ÇüµÈ TLS-CBC »çÀÌÆÛÅؽºÆ®¸¦ ó¸®ÇÏ´Â °úÁ¤ Áß¿¡ ¹ß»ýÇÑ´Ù.
[±¹Á¦ºÎ ¹®°¡¿ë ±âÀÚ(globoan@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>
¹®°¡¿ë±âÀÚ ±â»çº¸±â
[2024-11-01] 
