English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 19009
À§Çèµµ 40
Æ÷Æ® 53
ÇÁ·ÎÅäÄÝ TCP,UDP
ºÐ·ù DNS
»ó¼¼¼³¸í ÇØ´ç Named ¹öÀüÀº DNS resolver ¶óÀ̺귯¸®µéÀÇ ´Ù¼ö ±¸Çöµé¿¡ Á¸ÀçÇÏ´Â ¹öÆÛ ¿À¹öÇ÷οì Ãë¾àÁ¡µéÀ» °¡Áö°í ÀÖ´Ù.
BSD (libc), GNU/Linux (glibc), ISC (Internet Software Consortium)ÀÇ BIND (libbind), ±×¸®°í Sun Solaris (libresolv)¿¡ ÀÖ´Â DNS (Domain Name System) Resolver (Çؼ®±â) ¶óÀ̺귯¸®´Â ¹öÆÛ ¿À¹öÇ÷ο쿡 Ãë¾àÇÏ´Ù. Ãë¾àÇÑ DNS Resolver (Çؼ®±â) ¶óÀ̺귯¸®µéÀ» »ç¿ëÇÏ´Â ¿î¿µÃ¼Á¦¿Í ¾îÇø®ÄÉÀ̼ǵéÀÌ ¸ðµÎ ¿µÇâÀ» ¹Þ´Â´Ù. ¾ÇÀÇÀûÀÎ DNS ÀÀ´äÀ» º¸³¾ ¼ö ÀÖ´Â ¿ø°ÝÁöÀÇ °ø°ÝÀÚ´Â ÀÌ Ãë¾àÁ¡À» µµ¿ëÇÏ¿© Ãë¾àÇÑ ½Ã½ºÅÛ»óÀÇ ÀÓÀÇÀÇ Äڵ带 ½ÇÇà½ÃÅ°°Å³ª, ¼­ºñ½º°ÅºÎ¸¦ À¯¹ß½Ãų ¼ö ÀÖ´Ù.

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Named µ¥¸óÀÇ ¹öÀüÀ» ÅëÇÏ¿© ÀÌ Ãë¾àÁ¡À» Á¡°ËÇÑ´Ù. µû¶ó¼­ °ÅÁþ ¾ç¼º¹ÝÀÀ(false positive)À» º¸ÀÏ ¼öµµ ÀÖ´Ù.

* Ãë¾àÇÑ Ç÷§Æû:
DNS (Domain Name System) resolver ¶óÀ̺귯¸®µéÀÇ Ãë¾àÇÑ ±¸Çö¹°µéÀ» ÀÌ¿ëÇÏ´Â ¾îÇø®ÄÉÀ̼ǵé
- Internet Software Consortium (ISC) Berkeley Internet Name Domain (BIND) DNS resolver library (libbind)
- Berkeley Software Distribution (BSD) DNS resolver library (libc)
- GNU DNS resolver library (glibc)

BIND 4.8¿¡¼­ BIND 4.9.9 ÀÌÀüÀÇ ¸ðµç BIND 4ÀÇ ¹öÀüµé
BIND 8.2.6 ÀÌÀüÀÇ ¸ðµç BIND 8 ¹öÀüµé
BIND 8.3.3 ÀÌÀüÀÇ ¸ðµç BIND 8.3.x ¹öÀüµé
BIND 9.2.0°ú BIND 9.2.1 BIND ¹öÀüµé (BIND 9.0.x ¿Í BIND 9.1.x´Â Á¦¿Ü)

Caldera UnixWare 7.1.1
Conectiva Linux 6.0, 7.0, 8.0
FreeBSD 4.6-RELEASE ÀÌÀü ¹öÀü
Mandrake Linux 7.1, 7.2
Mandrake Linux Corporate Server 1.0.1
Mandrake Single Network Firewall 7.2
NetBSD 1.4.x, 1.5, 1.5.1, 1.5.2, 1.6 beta
NetBSD-current pre20020626
OpenBSD 2.9, 3.0, 3.1
OpenPKG 1.0
Red Hat Linux 6.2, 7.0, 7.1, 7.2, 7.3
Solaris 2.5.1, 2.6, 7, 8, 9
SuSE Linux 7.0 ~ 7.3, 8.0
SuSE Linux Database Server ¸ðµç ¹öÀü
SuSE Linux Enterprise Server 7
SuSE Linux Enterprise Server for S/390 S/390
SuSE Linux Firewall ¸ðµç ¹öÀü
SuSE eMail Server III ¸ðµç ¹öÀü
HP Tru64 UNIX 4.0f, 4.0g, 5.0a, 5.1a
Trustix Secure Linux 1.1, 1.2, 1.5

* Âü°í »çÀÌÆ®:
http://online.securityfocus.com/bid/5100
ÇØ°áÃ¥ ISC BIND 8.2.5 ÀÌÇÏ:
´ÙÀ½ Internet Software Consortium À¥»çÀÌÆ®¿¡¼­ BIND ¹öÀü 8.3.3 ȤÀº ÀÌÈÄ ¹öÀüÀ» ¹Þ¾Æ ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù:
http://www.isc.org/products/BIND/

FreeBSD 4.6-RELEASE ÀÌÇÏ:
´ÙÀ½ FreeBSD º¸¾È ±Ç°í¾È FreeBSD-SA-02:28.resolv¸¦ Âü°íÇÏ¿© ÀûÀýÇÑ ÆÐÄ¡¸¦ Àû¿ëÇÏ¿©¾ß ÇÑ´Ù:
http://online.securityfocus.com/advisories/4236

NetBSD:
´ÙÀ½ NetBSD º¸¾È ±Ç°í¾È 2002-006À» Âü°íÇÏ¿© ÀûÀýÇÑ ÆÐÄ¡¸¦ Àû¿ëÇÏ¿©¾ß ÇÑ´Ù:
http://www.netbsd.org/support/security/

OpenBSD 2.9:
´ÙÀ½ »çÀÌÆ®ÀÇ OpenBSD 2.9 errata ³»¿ë Áß "027: SECURITY FIX: June 25, 2002"¸¦ Âü°íÇÏ¿© ÀûÀýÇÑ ÆÐÄ¡¸¦ Àû¿ëÇÏ¿©¾ß ÇÑ´Ù:
http://www.openbsd.org/errata.html#resolver

OpenBSD 3.0:
´ÙÀ½ »çÀÌÆ®ÀÇ OpenBSD 3.0 errata ³»¿ë Áß "025: SECURITY FIX: June 25, 2002"¸¦ Âü°íÇÏ¿© ÀûÀýÇÑ ÆÐÄ¡¸¦ Àû¿ëÇÏ¿©¾ß ÇÑ´Ù:
http://www.openbsd.org/errata30.html#resolver

OpenBSD 3.1:
´ÙÀ½ »çÀÌÆ®ÀÇ OpenBSD 3.1 errata ³»¿ë Áß "007: SECURITY FIX: June 25, 2002"¸¦ Âü°íÇÏ¿© ÀûÀýÇÑ ÆÐÄ¡¸¦ Àû¿ëÇÏ¿©¾ß ÇÑ´Ù:
http://www.openbsd.org/errata29.html#resolver

Sun Solaris:
Vender¿Í »óÀÇÇÏ¿© OS¿¡ ¸Â´Â ÀûÀýÇÑ ÆÐÄ¡¸¦ Àû¿ëÇÑ´Ù:
Sun Solaris 7.0 : T106938-06
Sun Solaris 8_sparc : T109326-09

±âŸ ¹èÆ÷Æǵé:
¾÷±×·¹À̵峪 ÆÐÄ¡Á¤º¸¸¦ °¢ º¥´õ¿¡ ¹®ÀÇÇÏ¿© ÆľÇÇØ¾ß ÇÑ´Ù. ȤÀº CERT ±Ç°í¾È CA-2002-19¸¦ Âü°íÇÒ ¼öµµ ÀÖ´Ù:
http://www.cert.org/advisories/CA-2002-19.html
°ü·Ã URL CVE-2002-0651,CVE-2002-0684 (CVE)
°ü·Ã URL (SecurityFocus)
°ü·Ã URL (ISS)