[Boannews reporter Kim Kyung-ae] Vulnerabilities have been found in the Samba software, and users are urged to take care. Users of older versions are vulnerable to denial-of-service and password-change attacks, so updating to the latest version is advisable.

▲ CVE-2018-1050 vulnerability [Image: samba site]
The newly disclosed vulnerabilities are a denial-of-service vulnerability (CVE-2018-1050)[1], in which insufficient validation of input values in calls to the RPC spoolss service can cause the print spooler service to stop when that service is configured to run as an external daemon, and a vulnerability (CVE-2018-1057)[2] in which insufficient permission checks in the LDAP server of the Samba4 Active Directory Domain Controller allow another user's password to be changed.
Affected products are version 4.7.5 and earlier, 4.6.13 and earlier, 4.5.15 and earlier, and the .4.x, 4.3.x, 4.2.x, 4.1.x and 4.0.x versions.
Accordingly, Samba 4.7.x should be updated to Samba 4.7.6, and Samba 4.6.x should be updated to Samba 4.6.14. Samba 4.5.x should likewise be updated to Samba 4.5.16.
For details, contact the Korea Internet & Security Agency (KISA) Internet Incident Response Center (dial 118, no area code).
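A triage check for the conditions described above, added here as an example (not code from Boannews or the Samba project). It goes slightly beyond the article by also reading smb.conf: `rpc_server:spoolss = external` and `server role = active directory domain controller` are smb.conf settings not named on this page, and the function names and sample configuration are constructed for illustration.

```python
import re

FIXED = {(4, 7): 6, (4, 6): 14, (4, 5): 16}  # fixed patch level per branch (from the article)

# Constructed sample smb.conf for illustration only.
SAMPLE_CONF = """[global]
    server role = active directory domain controller
    rpc_server:spoolss = external
"""

def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'Version 4.7.5-Ubuntu'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(g) for g in m.groups())

def version_status(version):
    """Return (affected, fixed_release_or_None) per the article's version list."""
    major, minor, patch = version
    if (major, minor) in FIXED:
        fixed = FIXED[(major, minor)]
        return patch < fixed, f"{major}.{minor}.{fixed}"
    # 4.x branches older than 4.5 are listed as affected; no fixed release is named.
    return (major == 4 and minor < 5), None

def parse_smb_conf(text):
    """Flatten smb.conf parameters (sections ignored, names lower-cased, last wins)."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[" ".join(key.lower().split())] = value.strip().lower()
    return params

def triage(version_text, smb_conf_text):
    affected, fixed = version_status(parse_version(version_text))
    conf = parse_smb_conf(smb_conf_text)
    return {
        "affected": affected,
        "upgrade_to": fixed if affected else None,
        # DoS precondition: spoolss RPC service run as an external daemon.
        "CVE-2018-1050": affected and conf.get("rpc_server:spoolss") == "external",
        # Password-change flaw: only the canonical AD DC role spelling is matched (assumption).
        "CVE-2018-1057": affected
        and conf.get("server role") == "active directory domain controller",
    }
```

Feed `triage()` the output of `smbd --version` and the contents of smb.conf; a host flagged `affected` should be upgraded regardless of which CVE flags are set.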
[Reference sites]
[1] https://www.samba.org/samba/security/CVE-2018-1050.html
[2] https://www.samba.org/samba/security/CVE-2018-1057.html
[3] https://www.samba.org/samba/history/samba-4.7.6.html
[4] https://www.samba.org/samba/history/samba-4.6.14.html
[5] https://www.samba.org/samba/history/samba-4.5.16.html
[Reporter Kim Kyung-ae (boan3@boannews.com)]