| Ãë¾àÁ¡ID |
12043 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
|
| ÇÁ·ÎÅäÄÝ |
53,55,77,103 |
| ºÐ·ù |
CISCO |
| »ó¼¼¼³¸í |
ÇØ´ç Cisco IOS´Â ºñÁ¤»óÀûÀÎ IPv4 ÆÐŶµéÀ» ÅëÇÑ ¼ºñ½º °ÅºÎ °ø°Ý¿¡ Ãë¾àÇÏ´Ù.
´Ù¼öÀÇ Cisco Internetwork Operating System ¼ÒÇÁÆ®¿þ¾î (IOS)°¡ ÀÛµ¿ÇÏ°í ÀÖ´Â Cisco ¶ó¿ìÅ͵é°ú ½ºÀ§Ä¡µéÀº ´ë´Ù¼öÀÇ IPv4 ÀåºñµéÀÇ ³×Æ®¿öÅ© ÀÎÅÍÆäÀ̽º°¡ ¿µÇâÀ» ¹Þ´Â ¼ºñ½º °ÅºÎ Ãë¾àÁ¡¿¡ Ãë¾àÇÏ´Ù. ÀÌ Ãë¾àÁ¡Àº Cisco IOS 11.x¿¡¼ 12.x »çÀÌÀÇ ¹öÀüµéÀÌ ÀÛµ¿µÇ´Â ¸ðµç Çϵå¿þ¾î Ç÷§Æûµé¿¡ Á¸ÀçÇÑ´Ù.
Ãë¾àÁ¡Àº IPv4 Æ®·¡ÇÈÀÇ ¿¬¼ÓµÇ´Â ºñÁ¤»óÀûÀÌ°í Ưº°ÇÑ ÆÐŶµéÀ» ¿Ã¹Ù¸£°Ô ó¸®ÇÏÁö ¸øÇÏ´Â ÆÐŶ ó¸® ·çƾµéÀÇ °áÇÔÀÌ ¿øÀÎÀÌ µÈ´Ù. ¸¸¾à ±×·¯ÇÑ ¿¬¼ÓÀûÀÎ ÆÐŶµéÀ» ¸¸³´Ù¸é IOS´Â ³×Æ®¿öÅ© ÀÎÅÍÆäÀ̽º¿¡ ÀÖ´Â ÀԷ ť¸¦ ²ËÂù(full) °ÍÀ¸·Î À߸ø ¼³Á¤ÇÑ´Ù. ÀÏÁ¤ÇÑ ½Ã°£ÀÌ °æ°úÇÑ µÚ, Ãë¾àÇÑ Àåºñ´Â ¶ó¿ìÆðú ARP ÇÁ·ÎÅäÄݵéÀÇ Ã³¸®¸¦ ÁßÁöÇÑ´Ù. ÀÌ°ÍÀº ¾ÆÁÖ È¿°úÀûÀ¸·Î ÀÎÅÍÆäÀ̽º°¡ ¾î¶² Æ®·¡Çȵµ ó¸®ÇÏÁö ¸øÇϵµ·Ï ÇÑ´Ù.
Ưº°ÇÑ ¿¬¼ÓµÇ´Â IPv4 ÆÐŶµéÀ» º¸³¿À¸·Î½á ¿ø°ÝÁöÀÇ °ø°ÝÀÚ´Â Àåºñ°¡ ÀԷ ť¸¦ ²ËÂù °ÍÀ¸·Î ¼³Á¤Çϵµ·Ï ÇÒ ¼ö ÀÖÀ¸¸ç ÀÌ´Â ÀÔ·Â ÀÎÅÍÆäÀ̽º°¡ Æ®·¡ÇÈ Ã³¸®¸¦ ÁßÁöÇÏ°Ô ÇÑ´Ù.
°ø°ÝÀº ¸ðµç ³×Æ®¿öÅ© ÀÎÅÍÆäÀ̽ºµéÀ» ºÒ´É»óÅ°¡ µÇµµ·Ï ´ë»ó Àåºñ¿¡ ´ëÇØ ¹Ýº¹ÀûÀ¸·Î °¡ÇØÁú ¼ö ÀÖ´Ù. ÀÌ »óÅ·Πµé¾î°£ ÀåºñµéÀº »ç¿ëÀÚ °£¼·À̳ª Çϵå¿þ¾îÀûÀÎ Àç½ÃÀÛ ¾øÀÌ´Â ¸®¼ÂµÇÁö ¾Ê´Â´Ù.
* ¾Ë¸²: ÇØ´ç Cisco Àåºñ´Â ÀÌ Á¡°Ë¿¡ ÀÇÇØ Å©·¡½¬ µÇ¾úÀ» °ÍÀÌ´Ù. µû¶ó¼ Á¤»óÀûÀÎ ±â´É ȸº¹À» À§Çؼ´Â ÀåºñÀÇ Àç½ÃÀÛÀÌ ÇÊ¿äÇÏ´Ù.
½ºÄ³´×¿¡ ¾Õ¼ ¸ÕÀú Á¤Ã¥ ÆíÁý±â¿¡¼ ÀÌ Á¡°ËÇ׸ñÀÎ "CISCO/IOS/IPv4_DoS_by_test"¿¡ ÇÒ´çµÇ¾î Áö´Â Hop °³¼ö·Î ÀûÀýÇÑ °ªÀ» ¼³Á¤ÇÏ¿©¾ß ÇÑ´Ù. ÀÌ ½ºÄ³³Ê¿Í ¶ó¿ìÅÍ »çÀÌÀÇ È© °³¼öÀÎ TTL (Time to Live)Àº ÆÐŶÀÌ Cisco ¶ó¿ìÅÍ¿¡ ÀÇÇØ ¹Þ¾ÆÁö´Â ½ÃÁ¡¿¡ 0 À̾î¾ß ÇÑ´Ù.
* Âü°í »çÀÌÆ®:
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
http://www.cert.org/advisories/CA-2003-15.html
http://www.kb.cert.org/vuls/id/411332
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Cisco IOS System |
| ÇØ°áÃ¥ |
´ÙÀ½ Cisco º¸¾È ±Ç°í¾È(Cisco IOS Interface Blocked by IPv4 Packets)ÀÇ "Software Versions and Fixes"¸¦ ÂüÁ¶ÇÏ¿© ¹®Á¦°¡ ÇØ°áµÈ Cisco IOS ¹öÀüµé ÁßÀÇ Çϳª·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù:
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml
ÀÌ ¾÷±×·¹À̵åµéÀº CiscoÀÇ À¥ »çÀÌÆ®ÀÎ http://www.cisco.com/tacpage/sw-center/sw-ios.shtml ¿¡ ÀÖ´Â Software Center¸¦ ÅëÇØ ±¸ÇÒ ¼ö ÀÖ´Ù.
Àӽà Á¶Ä¡¹æ¹ýÀ¸·Î½á Cisco »ç´Â ¸ðµç IOS ÀåºñµéÀº IPv4 ÆÐŶµéÀ» ó¸®ÇÏ´Â ACL(Access Control List)µéÀ» »ç¿ëÇÏ¿© ¾î¶² Àΰ¡µÇÁö ¾ÊÀº ¼Ò½º(Source)·ÎºÎÅÍ ¶ó¿ìÅÍ·Î ÇâÇÑ Æ®·¡ÇÈÀ» Â÷´ÜÇϵµ·Ï ¼³Á¤ÇÒ °ÍÀ» ±Ç°íÇÏ°í ÀÖ´Ù.
´ÙÀ½ Access List´Â °ø°Ý Æ®·¡ÇÈÀ» Â÷´ÜÇϱâ À§ÇØ Æ¯º°È÷ °í¾ÈµÇ¾ú´Ù. ÀÌ Access List´Â ÀåºñÀÇ ¸ðµç ÀÎÅÍÆäÀ̽ºµé¿¡ ´ëÇØ Àû¿ëµÇ¾îÁ®¾ß Çϸç, ¸Á ±¸¼º»óÀÇ ÇÊÅ͵éÀ» ºü¶ß¸®Áö ¸»¾Æ¾ß ÇÑ´Ù.
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
!--- ÀÌ ÁöÁ¡¿¡ ÀÌÀü¿¡ Àû¿ëµÈ ´Ù¸¥ ACL ¿£Æ®¸®µéÀ» »ðÀÔÇÏ¿©¾ß ÇÑ´Ù.
!--- ¶ÇÇÑ ÀÌÀü¿¡ Á¤ÀÇµÈ permit ¸®½ºÆ®µéÀÌ ÀÛµ¿ÇÏ°í Á¤»óÀûÀÎ Æ®·¡ÇÈÀº
!--- Çã¿ëµÉ ¼ö ÀÖµµ·Ï ¼³Á¤À» ÇÏ¿©¾ß ÇÑ´Ù.
!--- ȤÀº ¹Ø¿¡ ÀÖ´Â "permit ip any any" ¸¦ »ç¿ëÇÏ¸é µÈ´Ù.
access-list 101 permit ip any any
´õ ÀÚ¼¼ÇÑ Á¤º¸´Â ´ÙÀ½ »çÀÌÆ®¿¡¼ º¼ ¼ö ÀÖ´Ù:
http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml |
| °ü·Ã URL |
CVE-2003-0567 (CVE) |
| °ü·Ã URL |
8211 (SecurityFocus) |
| °ü·Ã URL |
12631 (ISS) |
|
