Ãë¾àÁ¡ID |
14156 |
À§Çèµµ |
30 |
Æ÷Æ® |
22 |
ÇÁ·ÎÅäÄÝ |
TCP |
ºÐ·ù |
SSH |
»ó¼¼¼³¸í |
8.8 ÀÌÀüÀÇ OpenSSH 6.2¿¡¼ 8.xÀÇ 'sshd´Â ±âº»ÀÌ ¾Æ´Ñ ƯÁ¤ ±¸¼ºÀÌ »ç¿ëµÇ´Â °æ¿ì Ãß°¡ ±×·ìÀÌ ¿¹»ó´ë·Î ÃʱâȵÇÁö ¾Ê±â ¶§¹®¿¡ ±ÇÇÑ »ó½ÂÀ» Çã¿ëÇÕ´Ï´Ù. AuthorizedKeysCommand ¹× AuthorizedPrincipalsCommand¿¡ ´ëÇÑ µµ¿ì¹Ì ÇÁ·Î±×·¥Àº ±¸¼ºÀÌ ¸í·ÉÀ» ´Ù¸¥ »ç¿ëÀÚ·Î ½ÇÇàÇϵµ·Ï ÁöÁ¤ÇÏ´Â °æ¿ì sshd ÇÁ·Î¼¼½ºÀÇ ±×·ì ±¸¼º¿ø°ú °ü·ÃµÈ ±ÇÇÑÀ¸·Î ½ÇÇàÇÒ ¼ö ÀÖ½À´Ï´Ù.
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç SSH ¼¹öÀÇ ¹è³Ê Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®: https://www.openwall.com/lists/oss-security/2021/09/26/1 https://www.openssh.com/txt/release-8.8
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû: OpenSSH ¹öÀü 8.8 ÀÌÀüÀÇ ¹öÀüµé ¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
ÇØ°áÃ¥ |
OpenSSHÀÇ À¥ »çÀÌÆ®ÀÎ http://www.openssh.org/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â OpenSSHÀÇ °¡Àå ÃֽŠ¹öÀü(8.8 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
°ü·Ã URL |
CVE-2021-41617 (CVE) |
°ü·Ã URL |
(SecurityFocus) |
°ü·Ã URL |
(ISS) |
|