Vulnerability ID |
23042 |
Risk level |
40 |
Port |
1812 |
Protocol |
UDP |
Category |
RADIUS |
Detailed description |
A RADIUS server is running on this system. RADIUS (Remote Authentication Dial-In User Service) is a client/server protocol, or the software implementing it, that manages users, user authentication and access rights in multi-user network environments. It is mainly used by wired ISPs (Internet Service Providers), for wireless 802.11 MAC address authentication, and by large enterprises and educational institutions to manage access rights and authentication for large numbers of dial-in modem connections. RADIUS uses the officially assigned port 1812/UDP.
A number of vulnerabilities exist that can be exploited to attack various RADIUS servers, as follows:
1. The IC Radius package contains a buffer overflow vulnerability triggered by a long username, which results in a denial of service.
2. Multiple buffer overflow vulnerabilities in the RADIUS daemon (radiusd) of Lucent 2.1-2 RADIUS and Merit 3.6b cause a denial of service or allow arbitrary command execution.
3. Local or remote format string vulnerabilities in versions of Livingston/Lucent RADIUS before 2.1.va.1 cause a denial of service and allow arbitrary code execution via format specifiers inserted into log messages.
4. A buffer overflow vulnerability in the digest calculation function of multiple RADIUS implementations causes a denial of service or allows arbitrary code execution via shared secret data.
5. Multiple RADIUS implementations do not properly validate the Vendor-Length of Vendor-Specific attributes, so a Vendor-Length of less than 2 causes a denial of service (or crash).
* Note: This check item does not perform an actual test for these vulnerabilities; it only looks at whether a Radius daemon is present. It may therefore produce false positives.
* Reference sites: http://www.cert.org/advisories/CA-2002-06.html http://www.security.nnov.ru/advisories/radius.asp
* Affected software: Ascend RADIUS version 1.16 and earlier; Cistron RADIUS version 1.6.5 and earlier; FreeRADIUS version 0.3 and earlier; GnuRADIUS version 0.95 and earlier; ICRADIUS version 0.18.1 and earlier; Livingston RADIUS version 2.1 and earlier; Novell Border Manager; Open System Consultants Radiator 2.6 and earlier; RADIUS (previously known as Lucent RADIUS) version 2.1 and earlier; RADIUSClient version 0.3.1 and earlier; Secure Computing Corp. SafeWord version 5.2 and SafeWord PremierAccess v3.0; Vircom VOP Radius 3.2 and earlier; XTRADIUS 1.1-pre1 and earlier; YARD RADIUS 1.0.19 and earlier |
Solution |
Verify that the latest version of the Radius server is running.
For upgrade or patch information, contact the vendor or refer to CERT advisory CA-2002-06: http://www.cert.org/advisories/CA-2002-06.html
-- AND --
Filter traffic arriving on this port (1812/UDP) from untrusted networks. |
Related URL |
CVE-2001-1377,CVE-2001-1376,CVE-2001-1081,CVE-2001-0534,CVE-2000-0321 (CVE) |
Related URL |
7892,5103,4230,3530,3529,2994,2989,2991,6261,3532 (SecurityFocus) |
Related URL |
8354 (ISS) |
|
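The length validation that item 5 of the description says was missing, as an added example (not code from this entry or from any of the listed RADIUS servers). It assumes the RFC 2865 attribute layout with Vendor-Type/Vendor-Length sub-attributes inside a Vendor-Specific attribute; the function name and both sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RADIUS_HDR_LEN 20        /* Code, Identifier, Length, Authenticator */
#define ATTR_VENDOR_SPECIFIC 26  /* RFC 2865 attribute type */

/* Constructed Access-Request packets: one VSA (Vendor-Id 9) with one
 * sub-attribute. The second differs only in Vendor-Length (1 instead of 4). */
static const uint8_t ok_pkt[30]  = {1, 1, 0, 30, [20] = 26, 10, 0, 0, 0, 9, 1, 4, 'a', 'b'};
static const uint8_t bad_pkt[30] = {1, 1, 0, 30, [20] = 26, 10, 0, 0, 0, 9, 1, 1, 'a', 'b'};

/* Returns the number of vendor sub-attributes, or -1 on any bad length. */
int count_vendor_subattrs(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < RADIUS_HDR_LEN) return -1;
    size_t declared = ((size_t)pkt[2] << 8) | pkt[3];
    if (declared < RADIUS_HDR_LEN || declared > pkt_len) return -1;

    int found = 0;
    size_t off = RADIUS_HDR_LEN;
    while (off < declared) {
        if (declared - off < 2) return -1;           /* no room for Type+Length */
        size_t type = pkt[off], alen = pkt[off + 1];
        if (alen < 2 || alen > declared - off) return -1;

        if (type == ATTR_VENDOR_SPECIFIC) {
            if (alen < 7) return -1;                 /* RFC 2865: Length >= 7 */
            size_t sub = off + 6, end = off + alen;  /* skip Type, Length, Vendor-Id */
            while (sub < end) {
                if (end - sub < 2) return -1;
                size_t vlen = pkt[sub + 1];
                /* Vendor-Length counts its own two header bytes; below 2,
                 * a payload size computed as (vlen - 2) would go negative. */
                if (vlen < 2 || vlen > end - sub) return -1;
                found++;
                sub += vlen;
            }
        }
        off += alen;
    }
    return found;
}

int main(void)
{
    printf("ok_pkt:  %d\n", count_vendor_subattrs(ok_pkt, sizeof ok_pkt));
    printf("bad_pkt: %d\n", count_vendor_subattrs(bad_pkt, sizeof bad_pkt));
    return 0;
}
```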