Vulnerability ID: 14011
Risk level: 40
Port: 22
Protocol: TCP
Category: Ssh
Description: The OpenSSH version in question is older than 3.1. All versions between OpenSSH 2.0 and 3.0.2 are vulnerable to an off-by-one error that allows ordinary (local) users to gain root privileges, and a remote user may also be able to exploit the daemon's vulnerability in a similar way to obtain remote access.
In addition, a vulnerable SSH client can be compromised by connecting to a malicious SSH daemon that has been set up to exploit this vulnerability in the client code.

* References:
http://www.kb.cert.org/vuls/id/408419
http://www.securiteam.com/unixfocus/5PP01206KE.html
Solution: Upgrade to OpenSSH 3.1 or later.

-- or --

Patch:
Index: channels.c
=============================================
RCS file: /cvs/src/usr.bin/ssh/channels.c,v
retrieving revision 1.170
retrieving revision 1.171
diff -u -r1.170 -r1.171
--- channels.c 27 Feb 2002 21:23:13 -0000 1.170
+++ channels.c 4 Mar 2002 19:37:58 -0000 1.171
@@ -146,7 +146,7 @@
{
Channel *c;

- if (id < 0 || id > channels_alloc) {
+ if (id < 0 || id >= channels_alloc) {
log("channel_lookup: %d: bad id", id);
return NULL;
}
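
Review bot: The corrected test in channel_lookup, if (id < 0 || id >= channels_alloc), carries no comment stating that valid ids run from 0 through channels_alloc - 1, which is the invariant the previous id > channels_alloc comparison broke by accepting id == channels_alloc. Add a one-line comment above the check, and review any other comparison against channels_alloc in channels.c for the same > form. If id can come from the peer, also confirm that the log() call on this rejection path cannot be triggered repeatedly to flood the log.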
Related URL: CVE-2002-0083 (CVE)
Related URL: (SecurityFocus)
Related URL: (ISS)