| Ãë¾àÁ¡ID |
14022 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
22 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
Ssh |
| »ó¼¼¼³¸í |
ÇØ´ç SSH µ¥¸óÀÇ ¹öÀüÀÌ 1.2.32 º¸´Ù ³·Àº ¹öÀüÀ̰ųª OpenSSH 2.3.0º¸´Ù ³·Àº ¹öÀüÀÌ´Ù.
ÀÌ ¹öÀüµéÀº Attacker°¡ CRC-32 º¸»ó(compensation) ¹æ¹ýÀ» ÅëÇÏ¿© ssh ½ºÆ®¸²³»¿¡ ÀÓÀÇÀÇ ¸í·ÉµéÀ» »ðÀÔÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù. ¾ÏÈ£ÈµÈ ssh ½ºÆ®¸²À¸·Î Access°¡ °¡´ÉÇÑ Attacker´Â ssh ¼¹ö»ó¿¡¼ ½ÇÇàµÉ ¼ö ÀÖ´Â ÀÓÀÇÀÇ ¸í·ÉµéÀÌ µé¾îÀÖ´Â ¾ÏÈ£È ºí·°µéÀ» ±× ½ºÆ®¸²¿¡ »ðÀÔÇÒ ¼ö ÀÖ´Ù.
* ¸¸¾à Kerberos¸¦ ÀÌ¿ëÇÏÁö ¾Ê´Â´Ù¸é ÀÌ Ãë¾àÁ¡Àº ¹«½ÃÇÏ¿©µµ µÊ
* Âü°í »çÀÌÆ®:
http://www.securityfocus.com/bid/2347
http://www.core-sdi.com/english/ssh/ |
| ÇØ°áÃ¥ |
SSH ¹öÀü 1.2.32, ±×¸®°í OpenSSHÀÏ °æ¿ì ¹öÀü 2.3.0/2.3.2 ÀÌ»óÀ¸·Î ¾÷±×·¹À̵åÇÏ¿©¾ß ÇÑ´Ù. (OpenSSH ¹öÀü 2.3.1ÀÇ °æ¿ì ÀÎÁõü°è¿¡ °ü·ÃµÈ ½É°¢ÇÑ °áÇÔÀ» °¡Áö°í ÀÖ´Ù.) |
| °ü·Ã URL |
CVE-2001-0144 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
