| Ãë¾àÁ¡ID |
23046 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
873 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
RSYNCD |
| »ó¼¼¼³¸í |
ÇØ´ç rsync ¼¹öÀÇ ¹öÀü¿¡ µû¸£¸é ¼¹ö´Â Array Index ¿À¹öÇ÷ο쿡 Ãë¾àÇÏ´Ù. ´ëºÎºÐÀÇ Linux ¹èÆ÷ÆÇ¿¡ Æ÷ÇԵǾî ÀÖ´Â rsync´Â ¿©·¯ È£½ºÆ®µé °£¿¡ ÆÄÀÏÀ» µ¿±âÈÇϴµ¥ »ç¿ëµÇ´Â ¸Å¿ì ÀαâÀÖ´Â ÅøÀÌ´Ù. ºñ·Ï µðÆúÆ®·Î ÀÛµ¿µÇÁö´Â ¾ÊÁö¸¸ rsync´Â FTP ¹Ì·¯ »çÀÌÆ®·Î ÆÄÀÏ ¹èÆ÷ ±â´ÉÀ» Á¦°øÇØ ÁÖ´Â µ¥¸óÀ¸·Î¼ ÀÛµ¿µÉ ¼ö ÀÖ´Ù. Rsync 2.5.2 ¹Ì¸¸ÀÇ ¹öÀüµéÀº ¿ø°ÝÁöÀÇ °ø°ÝÀÚµéÀÌ rsync Ŭ¶óÀ̾ðÆ® ȤÀº ¼¹ö¿¡ ¼ºñ½º °ÅºÎ ȤÀº ÀÓÀÇÀÇ ÄÚµå ½ÇÇàÀ» °¡´ÉÇÏ°Ô ÇØ ÁØ´Ù. ƯÁ¤ ȯ°æ ¾Æ·¡¿¡¼ ¿ø°ÝÀ¸·Î Á¦°øµÈ ºÎÈ£È °ªÀÌ ¹è¿ À妽º(Array Index)·Î »ç¿ëµÇ´Âµ¥, ÀÌ´Â ÀÓÀÇÀÇ ¸Þ¸ð¸® À§Ä¡¿¡ NULL ¹ÙÀÌÆ®µéÀ» ¾µ ¼ö ÀÖ°Ô ÇØ ÁØ´Ù. ÀÌ Ãë¾àÁ¡À» µµ¿ëÇÏ¸é ½ºÅÃÀ» ±ú¶ß¸®°Å³ª root »ç¿ëÀÚ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ÄÚµå ½ÇÇàÀÌ °¡´ÉÇÏ´Ù.
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç rsync ¼¹öÀÇ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.kb.cert.org/vuls/id/800635
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
rsync 2.5.2 ¹Ì¸¸
UNIX Any version
Linux Any version |
| ÇØ°áÃ¥ |
rsync À¥ »çÀÌÆ®ÀÎ http://rsync.samba.org/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â rsyncÀÇ °¡Àå ÃֽŠ¹öÀü(2.5.2 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
Red Hat LinuxÀÇ °æ¿ì:
´ÙÀ½ Red Hat LinuxÀÇ Errata Advisory RHSA-2002:018-05¸¦ ÂüÁ¶ÇÏ¿© rsyncÀÇ °¡Àå ÃֽŠ¹öÀüÀ¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù:
http://rhn.redhat.com/errata/RHSA-2002-018.html
SuSE Linux 6.4 (Intel)ÀÇ °æ¿ì:
´ÙÀ½ SuSE Security Announcement SuSE-SA:2002:004¸¦ ÂüÁ¶ÇÏ¿© rsyncÀÇ °¡Àå ÃֽŠ¹öÀüÀ¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù:
http://archives.neohapsis.com/archives/bugtraq/2002-01/0315.html
Conectiva Linux 5.0, prg graficos, ±×¸®°í ecommerceÀÇ °æ¿ì:
´ÙÀ½ Conectiva Linux Security Announcement CLA-2002:458À» ÂüÁ¶ÇÏ¿© rsyncÀÇ °¡Àå ÃֽŠ¹öÀüÀ¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù:
http://archives.neohapsis.com/archives/bugtraq/2002-01/0316.html
Debian GNU/Linux 2.2 (alias potato)ÀÇ °æ¿ì:
´ÙÀ½ Debian Security Advisory DSA-106-2¸¦ ÂüÁ¶ÇÏ¿© rsyncÀÇ °¡Àå ÃֽŠ¹öÀü(2.3.2-1.5 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù:
http://www.debian.org/security/2002/dsa-106
Caldera OpenLinuxÀÇ °æ¿ì:
´ÙÀ½ Caldera International »çÀÇ Security Advisory CSSA-2002-003.0À» ÂüÁ¶ÇÏ¿© rsyncÀÇ °¡Àå ÃֽŠ¹öÀü(2.5.0-2 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù:
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-003.0.txt
2002-01-23 ÀÌÀüÀÇ FreeBSD Ports CollectionÀÇ °æ¿ì:
´ÙÀ½ FreeBSD »çÀÇ Security Advisory FreeBSD-SA-02:10À» ÂüÁ¶ÇÏ¿© rsyncÀÇ °¡Àå ÃֽŠÆÐÅ°Áö(2.5.1_1 ȤÀº ÀÌÈÄ)·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:10.rsync.asc
±âŸ:
º¥´õ¿¡ ¹®ÀÇÇÏ¿© ÆÐÄ¡³ª ¾÷±×·¹À̵å Á¤º¸¸¦ ±¸ÇÏ¿©¾ß ÇÑ´Ù. ȤÀº ´ÙÀ½ CERT Vulnerability Note VU#800635¸¦ ÂüÁ¶ÇÑ´Ù:
http://www.kb.cert.org/vuls/id/800635 |
| °ü·Ã URL |
CVE-2002-0048 (CVE) |
| °ü·Ã URL |
3958 (SecurityFocus) |
| °ü·Ã URL |
7993 (ISS) |
|
