English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 19069
À§Çèµµ 40
Æ÷Æ® 79
ÇÁ·ÎÅäÄÝ TCP,UDP
ºÐ·ù DNS
»ó¼¼¼³¸í ISC BIND(Berkeley Internet Name Daemon)´Â DNS (domain name service) ÇÁ·ÎÅäÄÝÀ» ±¸ÇöÇÑ ¼­¹ö À¯Æ¿¸®Æ¼·Î ÀÎÅÍ³Ý »ó¿¡¼­ ±¤¹üÀ§ÇÏ°Ô »ç¿ëµÈ´Ù.
BIND ¼­¹öÀÇ ¹öÀü Á¤º¸¿¡ µû¸£¸é, ISC BIND 9.9.10-P2 ÀÌÀüÀÇ 9.9.x ¹öÀü¿¡´Â ´ÙÀ½°ú °°Àº Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.

- ¼ö½ÅµÈ ¸Þ½ÃÁö¸¦ ´Ù·ê ¶§, ¡®Transaction Signature (TSIG)¡¯ ÀÎÁõ¿¡ °áÇÕÀÌ Á¸ÀçÇÑ´Ù. ÀÎÁõµÇÁö ¾ÊÀº ¿ø°Ý °ø°ÝÀڴ Ư¼ö Á¦ÀÛµÈ ¿äû ÆÐŶÀ» ÅëÇØ, AXFR ¿äûÀÇ TSIG ÀÎÁõÀ» ¿ìȸÇϱâ À§ÇÏ¿©, ÀÌ Ãë¾àÁ¡À» ¾Ç¿ëÇÒ ¼ö ÀÖ´Ù. ÇØ´ç À̽´¸¦ ¾Ç¿ëÇϱâ À§Çؼ­´Â, °ø°ÝÀÚ´Â ¹Ýµå½Ã Á¤´çÇÑ ±ÇÇÑÀ» °¡Áø DNS ¼­¹ö¿¡ ¸Þ½ÃÁö¸¦ ¼Û¼ö½Å ÇÒ ¼ö ÀÖ¾î¾ß ÇÏ°í, À¯È¿ÇÑ TSIG Å° À̸§À» ¾Ë¾Æ¾ß ÇÑ´Ù. (CVE-2017-3142)

- ¼ö½ÅµÈ ¸Þ½ÃÁö¸¦ ´Ù·ê ¶§, ¡®Transaction Signature (TSIG)¡¯ ÀÎÁõ¿¡ °áÇÕÀÌ Á¸ÀçÇÑ´Ù. ÀÎÁõµÇÁö ¾ÊÀº ¿ø°Ý °ø°ÝÀÚ´Â BIND°¡ Àΰ¡¹ÞÁö ¾ÊÀº µ¿Àû ¾÷µ¥ÀÌÆ®°¡ Çã¿ëÇϵµ·Ï Á¶ÀÛÇϱâ À§ÇØ ÀÌ Ãë¾àÁ¡À» ¾à¿ëÇÒ ¼ö ÀÖ´Ù. ÇØ´ç À̽´¸¦ ¾Ç¿ëÇϱâ À§Çؼ­´Â, °ø°ÝÀÚ´Â ¹Ýµå½Ã Á¤´çÇÑ ±ÇÇÑÀ» °¡Áø DNS ¼­¹ö¿¡ ¸Þ½ÃÁö¸¦ ¼Û¼ö½Å ÇÒ ¼ö ÀÖ¾î¾ß ÇÏ°í, Ÿ°ÙÀÌ µÇ´Â Á¸°ú ¼­ºñ½º¿¡ ´ëÇÑ À¯È¿ÇÑ TSIG Å° À̸§À» ¾Ë¾Æ¾ß ÇÑ´Ù. (CVE-2017-3143)

* Âü°í »çÀÌÆ®:
https://kb.isc.org/article/AA-01503
https://kb.isc.org/article/AA-01504
https://kb.isc.org/article/AA-01505
https://kb.isc.org/article/AA-01506
https://kb.isc.org/article/AA-01507
https://kb.isc.org/article/AA-01508
https://kb.isc.org/article/AA-01509

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Internet Software Consortium, BIND version 9.9.x < 9.9.10-P2
Any operating system Any version
ÇØ°áÃ¥ Internet Software Consortium (ISC) À¥ »çÀÌÆ®ÀÎ http://www.isc.org/downloads/BIND/ ¿¡¼­ ±¸ÇÒ ¼ö ÀÖ´Â BINDÀÇ °¡Àå ÃֽŠ¹öÀü(9.9.10-P2 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
°ü·Ã URL CVE-2017-3142,CVE-2017-3143 (CVE)
°ü·Ã URL 99337,99339 (SecurityFocus)
°ü·Ã URL (ISS)