·¹µåÇÞ, Apache Tomcat Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ¹ßÇ¥
½Ã½ºÄÚ Á¦Ç°±º Á¦·Îµ¥ÀÌ Ãë¾àÁ¡ ´Ù¼ö ¹ß°ß...ÆÐÄ¡ ¹ßÇ¥ ¶§±îÁö Àӽà Á¶Ä¡ ÇÊ¿ä
[º¸¾È´º½º ±Ç ÁØ ±âÀÚ] ÃÖ±Ù ±Û·Î¹ú IT ±â¾÷ÀÇ ÁÖ¿ä Á¦Ç°±º ¹× SW¿¡¼ Ãë¾àÁ¡ ¹ß°ß°ú º¸¾È ¾÷µ¥ÀÌÆ®°¡ ¹Ýº¹µÇ°í ÀÖ´Â °¡¿îµ¥ ·¹µåÇÞ(RedHat) °è¿ Apache Tomcat°ú ½Ã½ºÄÚÀÇ Á¦Ç°±º¿¡¼ Ãë¾àÁ¡ÀÌ ¹ß°ßµÆ´Ù. ´õ¿íÀÌ ½Ã½ºÄÚ Á¦Ç°±ºÀº ¾ÆÁ÷ º¸¾È ¾÷µ¥ÀÌÆ®°¡ ÀÌ·ç¾îÁöÁö ¾ÊÀº Á¦·Îµ¥ÀÌ Ãë¾àÁ¡ÀÌ¾î¼ »ç¿ëÀÚµéÀÇ °¢º°ÇÑ ÁÖÀÇ°¡ ÇÊ¿äÇÏ´Ù.
¸ÕÀú ·¹µåÇÞ »ç´Â RedHat ±â¹Ý ½Ã½ºÅÛÀÇ Apache Tomcat¿¡¼ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. RedHat Enterprise Linux 7 ±â¹Ý ½Ã½ºÅÛÀÌ Ãë¾àÁ¡¿¡ ¿µÇâÀ» ¹Þ°Ô µÇ´Âµ¥, °ø°ÝÀÚ°¡ ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇÒ °æ¿ì ·ÎÄà ±ÇÇÑ»ó½ÂÀ» ÅëÇØ ½Ã½ºÅÛ Á¦¾î±ÇÇÑÀ» ȹµæÇÒ ¼ö ÀÖ´Ù.
ÇØ´ç Ãë¾àÁ¡Àº tomcat.confÀÇ Ãë¾àÇÑ ÆÄÀÏ ±ÇÇÑÀ¸·Î ÀÎÇØ ¹ß»ýÇÒ ¼ö ÀÖ´Â ·ÎÄà ±ÇÇÑ»ó½Â Ãë¾àÁ¡(CVE-2016-5425)À¸·Î, RedHat Enterprise Linux 7 ±â¹Ý ½Ã½ºÅÛÀÇ ±âº» ÀúÀå¼Ò Apache Tomcat 6/7/8 ¹öÀüÀ» »ç¿ëÇÒ °æ¿ì ÇØ´ç º¥´õ »çÀÇ ÃֽŠApache Tomcat ÆÐÅ°Áö ¾÷µ¥ÀÌÆ®¸¦ ÇØ¾ß ÇÑ´Ù.
ÆÐÅ°Áö ¾÷µ¥ÀÌÆ®°¡ ºÒ°¡´ÉÇÑ »ç¿ëÀÚ´Â /usr/lib/tmpfiles.d/tomcat.conf ÆÄÀÏÀÇ ¾²±â±ÇÇÑÀ» Á¦°ÅÇÏ°í, chmod 644 /usr/lib/tmpfiles.d/tomcat.conf ¸í·É¾î¸¦ ÅëÇØ ±ÇÇÑÀ» º¯°æÇØ¾ß ÇÑ´Ù.
º¸´Ù ÀÚ¼¼ÇÑ »çÇ×Àº https://access.redhat.com/security/cve/CVE-2016-5425¸¦ Âü°íÇÏ¸é µÈ´Ù.
¶ÇÇÑ, ½Ã½ºÄÚ »ç´Â ÀÚ»çÀÇ Á¦Ç°¿¡ ¿µÇâÀ» ÁÖ´Â ¸î °¡Áö Ãë¾àÁ¡À» ¹ßÇ¥Çß´Ù. °ø°ÝÀÚ´Â ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇØ ÀÎÁõ ¿ìȸ, ¼ºñ½º °ÅºÎ µîÀÇ ÇÇÇظ¦ ¹ß»ý½Ãų ¼ö ÀÖÀ¸¹Ç·Î ÇØ´ç º¸¾È ¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÉ ¶§±îÁö Àӽà Á¶Ä¡°¡ ÇÊ¿äÇÏ´Ù. Ãë¾àÁ¡ÀÇ ¼¼ºÎ ³»¿ë°ú Àӽà Á¶Ä¡ »çÇ×Àº ´ÙÀ½°ú °°´Ù.
¡¤CVE-2016-6445 : Meeting ServerÀÇ XMPP ¼ºñ½º¿¡¼ ¹ß»ýÇϴ Ŭ¶óÀ̾ðÆ® ÀÎÁõ ¿ìȸ Ãë¾àÁ¡ -> Cisco Systems Download Software ȨÆäÀÌÁö¿¡ Á÷Á¢ ¹æ¹®ÇÏ¿© ÃֽŠ¾÷µ¥ÀÌÆ® Àû¿ë
¡¤CVE-2016-6437 : Wide Area Application Service(WAAS)ÀÇ SSL ¼¼¼Ç ij½Ã °ü¸®¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡ -> µð½ºÅ©·ÎºÎÅÍ SSL ij½Ã ÆÄÀÏ »èÁ¦ ±Ç°í
¡¤CVE-2016-6440 : Cisco Unified Communications Manager(CUCM)ÀÇ À¥ ÆäÀÌÁö¿¡¼ ¹ß»ýÇÏ´Â iframe µ¥ÀÌÅÍ Å¬¸¯ÀçÅ· Ãë¾àÁ¡ -> HTTP request ¿äû ½Ã iframe µ¥ÀÌÅÍ °ª °ËÁõ ±Ç°í
¡¤CVE-2016-6443 : Prime Infrastructure¿Í Evolved Programmable Network Manager¿¡¼ ¹ß»ýÇÏ´Â SQL Injection Ãë¾àÁ¡ -> »ç¿ëÀÚ ÀÔ·Â °ª °ËÁõ ±Ç°í
¡¤CVE-2016-6442 : Finesse ¼ÒÇÁÆ®¿þ¾î¿¡¼ ¹ß»ýÇÏ´Â »çÀÌÆ®°£ ¿äû À§Á¶(CSRF) Ãë¾àÁ¡ -> TokenÀ» ¹ß±ÞÇÏ¿© form°ú ÇÔ²² ¼¹ö·Î ¼Û½ÅÇØ¾ß Åë½ÅÇÒ ¼ö ÀÖµµ·Ï ¼³Á¤ ±Ç°í
¡¤CVE-2016-6438 : Cisco IOS XE ¼ÒÇÁÆ®¿þ¾î¿¡¼ µ¿ÀÛÇÏ´Â Cisco-cBR-8 Converged Broadband Router¿¡¼ vty lineÀÇ È¯°æ¼³Á¤À» º¯°æÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡ -> Telnet ¶Ç´Â SSH Åë½Å ¹æÁö ±Ç°í
À̹ø¿¡ ¹ßÇ¥µÈ ·¹µåÇÞ°ú ½Ã½ºÄÚ »çÀÇ Ãë¾àÁ¡°ú º¸¾È ¾÷µ¥ÀÌÆ®¿¡ °üÇÑ º¸´Ù ±¸Ã¼ÀûÀÎ »çÇ×Àº Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ(±¹¹ø¾øÀÌ 118)·Î ¹®ÀÇÇÏ¸é µÈ´Ù.
[±Ç ÁØ ±âÀÚ(editor@boannews.com)]
½Ã½ºÄÚ Á¦Ç°±º Á¦·Îµ¥ÀÌ Ãë¾àÁ¡ ´Ù¼ö ¹ß°ß...ÆÐÄ¡ ¹ßÇ¥ ¶§±îÁö Àӽà Á¶Ä¡ ÇÊ¿ä
[º¸¾È´º½º ±Ç ÁØ ±âÀÚ] ÃÖ±Ù ±Û·Î¹ú IT ±â¾÷ÀÇ ÁÖ¿ä Á¦Ç°±º ¹× SW¿¡¼ Ãë¾àÁ¡ ¹ß°ß°ú º¸¾È ¾÷µ¥ÀÌÆ®°¡ ¹Ýº¹µÇ°í ÀÖ´Â °¡¿îµ¥ ·¹µåÇÞ(RedHat) °è¿ Apache Tomcat°ú ½Ã½ºÄÚÀÇ Á¦Ç°±º¿¡¼ Ãë¾àÁ¡ÀÌ ¹ß°ßµÆ´Ù. ´õ¿íÀÌ ½Ã½ºÄÚ Á¦Ç°±ºÀº ¾ÆÁ÷ º¸¾È ¾÷µ¥ÀÌÆ®°¡ ÀÌ·ç¾îÁöÁö ¾ÊÀº Á¦·Îµ¥ÀÌ Ãë¾àÁ¡ÀÌ¾î¼ »ç¿ëÀÚµéÀÇ °¢º°ÇÑ ÁÖÀÇ°¡ ÇÊ¿äÇÏ´Ù.
¸ÕÀú ·¹µåÇÞ »ç´Â RedHat ±â¹Ý ½Ã½ºÅÛÀÇ Apache Tomcat¿¡¼ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥Çß´Ù. RedHat Enterprise Linux 7 ±â¹Ý ½Ã½ºÅÛÀÌ Ãë¾àÁ¡¿¡ ¿µÇâÀ» ¹Þ°Ô µÇ´Âµ¥, °ø°ÝÀÚ°¡ ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇÒ °æ¿ì ·ÎÄà ±ÇÇÑ»ó½ÂÀ» ÅëÇØ ½Ã½ºÅÛ Á¦¾î±ÇÇÑÀ» ȹµæÇÒ ¼ö ÀÖ´Ù.
ÇØ´ç Ãë¾àÁ¡Àº tomcat.confÀÇ Ãë¾àÇÑ ÆÄÀÏ ±ÇÇÑÀ¸·Î ÀÎÇØ ¹ß»ýÇÒ ¼ö ÀÖ´Â ·ÎÄà ±ÇÇÑ»ó½Â Ãë¾àÁ¡(CVE-2016-5425)À¸·Î, RedHat Enterprise Linux 7 ±â¹Ý ½Ã½ºÅÛÀÇ ±âº» ÀúÀå¼Ò Apache Tomcat 6/7/8 ¹öÀüÀ» »ç¿ëÇÒ °æ¿ì ÇØ´ç º¥´õ »çÀÇ ÃֽŠApache Tomcat ÆÐÅ°Áö ¾÷µ¥ÀÌÆ®¸¦ ÇØ¾ß ÇÑ´Ù.
ÆÐÅ°Áö ¾÷µ¥ÀÌÆ®°¡ ºÒ°¡´ÉÇÑ »ç¿ëÀÚ´Â /usr/lib/tmpfiles.d/tomcat.conf ÆÄÀÏÀÇ ¾²±â±ÇÇÑÀ» Á¦°ÅÇÏ°í, chmod 644 /usr/lib/tmpfiles.d/tomcat.conf ¸í·É¾î¸¦ ÅëÇØ ±ÇÇÑÀ» º¯°æÇØ¾ß ÇÑ´Ù.
º¸´Ù ÀÚ¼¼ÇÑ »çÇ×Àº https://access.redhat.com/security/cve/CVE-2016-5425¸¦ Âü°íÇÏ¸é µÈ´Ù.
¶ÇÇÑ, ½Ã½ºÄÚ »ç´Â ÀÚ»çÀÇ Á¦Ç°¿¡ ¿µÇâÀ» ÁÖ´Â ¸î °¡Áö Ãë¾àÁ¡À» ¹ßÇ¥Çß´Ù. °ø°ÝÀÚ´Â ÇØ´ç Ãë¾àÁ¡À» ¾Ç¿ëÇØ ÀÎÁõ ¿ìȸ, ¼ºñ½º °ÅºÎ µîÀÇ ÇÇÇظ¦ ¹ß»ý½Ãų ¼ö ÀÖÀ¸¹Ç·Î ÇØ´ç º¸¾È ¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÉ ¶§±îÁö Àӽà Á¶Ä¡°¡ ÇÊ¿äÇÏ´Ù. Ãë¾àÁ¡ÀÇ ¼¼ºÎ ³»¿ë°ú Àӽà Á¶Ä¡ »çÇ×Àº ´ÙÀ½°ú °°´Ù.
¡¤CVE-2016-6445 : Meeting ServerÀÇ XMPP ¼ºñ½º¿¡¼ ¹ß»ýÇϴ Ŭ¶óÀ̾ðÆ® ÀÎÁõ ¿ìȸ Ãë¾àÁ¡ -> Cisco Systems Download Software ȨÆäÀÌÁö¿¡ Á÷Á¢ ¹æ¹®ÇÏ¿© ÃֽŠ¾÷µ¥ÀÌÆ® Àû¿ë
¡¤CVE-2016-6437 : Wide Area Application Service(WAAS)ÀÇ SSL ¼¼¼Ç ij½Ã °ü¸®¿¡¼ ¹ß»ýÇÏ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡ -> µð½ºÅ©·ÎºÎÅÍ SSL ij½Ã ÆÄÀÏ »èÁ¦ ±Ç°í
¡¤CVE-2016-6440 : Cisco Unified Communications Manager(CUCM)ÀÇ À¥ ÆäÀÌÁö¿¡¼ ¹ß»ýÇÏ´Â iframe µ¥ÀÌÅÍ Å¬¸¯ÀçÅ· Ãë¾àÁ¡ -> HTTP request ¿äû ½Ã iframe µ¥ÀÌÅÍ °ª °ËÁõ ±Ç°í
¡¤CVE-2016-6443 : Prime Infrastructure¿Í Evolved Programmable Network Manager¿¡¼ ¹ß»ýÇÏ´Â SQL Injection Ãë¾àÁ¡ -> »ç¿ëÀÚ ÀÔ·Â °ª °ËÁõ ±Ç°í
¡¤CVE-2016-6442 : Finesse ¼ÒÇÁÆ®¿þ¾î¿¡¼ ¹ß»ýÇÏ´Â »çÀÌÆ®°£ ¿äû À§Á¶(CSRF) Ãë¾àÁ¡ -> TokenÀ» ¹ß±ÞÇÏ¿© form°ú ÇÔ²² ¼¹ö·Î ¼Û½ÅÇØ¾ß Åë½ÅÇÒ ¼ö ÀÖµµ·Ï ¼³Á¤ ±Ç°í
¡¤CVE-2016-6438 : Cisco IOS XE ¼ÒÇÁÆ®¿þ¾î¿¡¼ µ¿ÀÛÇÏ´Â Cisco-cBR-8 Converged Broadband Router¿¡¼ vty lineÀÇ È¯°æ¼³Á¤À» º¯°æÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡ -> Telnet ¶Ç´Â SSH Åë½Å ¹æÁö ±Ç°í
À̹ø¿¡ ¹ßÇ¥µÈ ·¹µåÇÞ°ú ½Ã½ºÄÚ »çÀÇ Ãë¾àÁ¡°ú º¸¾È ¾÷µ¥ÀÌÆ®¿¡ °üÇÑ º¸´Ù ±¸Ã¼ÀûÀÎ »çÇ×Àº Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ(±¹¹ø¾øÀÌ 118)·Î ¹®ÀÇÇÏ¸é µÈ´Ù.
[±Ç ÁØ ±âÀÚ(editor@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>
±ÇÁرâÀÚ ±â»çº¸±â
.jpg)
.jpg)
.jpg)
