English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 14156
À§Çèµµ 30
Æ÷Æ® 22
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù SSH
»ó¼¼¼³¸í 8.8 ÀÌÀüÀÇ OpenSSH 6.2¿¡¼­ 8.xÀÇ 'sshd´Â ±âº»ÀÌ ¾Æ´Ñ ƯÁ¤ ±¸¼ºÀÌ »ç¿ëµÇ´Â °æ¿ì Ãß°¡ ±×·ìÀÌ ¿¹»ó´ë·Î ÃʱâÈ­µÇÁö ¾Ê±â ¶§¹®¿¡ ±ÇÇÑ »ó½ÂÀ» Çã¿ëÇÕ´Ï´Ù. AuthorizedKeysCommand ¹× AuthorizedPrincipalsCommand¿¡ ´ëÇÑ µµ¿ì¹Ì ÇÁ·Î±×·¥Àº ±¸¼ºÀÌ ¸í·ÉÀ» ´Ù¸¥ »ç¿ëÀÚ·Î ½ÇÇàÇϵµ·Ï ÁöÁ¤ÇÏ´Â °æ¿ì sshd ÇÁ·Î¼¼½ºÀÇ ±×·ì ±¸¼º¿ø°ú °ü·ÃµÈ ±ÇÇÑÀ¸·Î ½ÇÇàÇÒ ¼ö ÀÖ½À´Ï´Ù.

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç SSH ¼­¹öÀÇ ¹è³Ê Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼­ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
https://www.openwall.com/lists/oss-security/2021/09/26/1
https://www.openssh.com/txt/release-8.8

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
OpenSSH ¹öÀü 8.8 ÀÌÀüÀÇ ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü
ÇØ°áÃ¥ OpenSSHÀÇ À¥ »çÀÌÆ®ÀÎ http://www.openssh.org/ ¿¡¼­ ±¸ÇÒ ¼ö ÀÖ´Â OpenSSHÀÇ °¡Àå ÃֽŠ¹öÀü(8.8 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
°ü·Ã URL CVE-2021-41617 (CVE)
°ü·Ã URL (SecurityFocus)
°ü·Ã URL (ISS)