Ãë¾àÁ¡ID |
19107 |
À§Çèµµ |
40 |
Æ÷Æ® |
53 |
ÇÁ·ÎÅäÄÝ |
UDP |
ºÐ·ù |
DNS |
»ó¼¼¼³¸í |
¿ø°Ý È£½ºÆ®¿¡ ¼³Ä¡µÈ ISC BIND ¹öÀüÀº Å×½ºÆ® ¹öÀü ÀÌÀüÀÔ´Ï´Ù. µû¶ó¼ CVE-2024-4076, CVE-2024-1975, CVE-2024-1737 ±Ç°í¿¡ ¼³¸íµÈ ´ÙÁß Ãë¾àÁ¡ÀÇ ¿µÇâ ¹Þ½À´Ï´Ù.
- ¿À·¡µÈ µ¥ÀÌÅ͸¦ Á¦°øÇÏ°Ô ¸¸µå´Â Ŭ¶óÀ̾ðÆ® Äõ¸®¿Í ·ÎÄà ±ÇÇÑ ¿µ¿ª µ¥ÀÌÅÍ¿¡¼ÀÇ Á¶È¸°¡ ÇÊ¿äÇÑ Äõ¸®°¡ µ¿½Ã¿¡ ¹ß»ýÇÏ¸é ¾î¼³¼Ç ½ÇÆÐ(assertion failure)¸¦ ÀÏÀ¸Å³ ¼ö ÀÖ½À´Ï´Ù (CVE-2024-4076). - ¼¹ö°¡ "KEY" ¸®¼Ò½º ·¹Äڵ带 Æ÷ÇÔÇÑ ¿µ¿ªÀ» È£½ºÆÃÇϰųª, ¸®Á¹¹ö°¡ ij½Ã¿¡ ÀÖ´Â DNSSEC ¼¸íµÈ µµ¸ÞÀÎÀÇ "KEY" ¸®¼Ò½º ·¹Äڵ带 DNSSEC °ËÁõÇÏ´Â °æ¿ì, Ŭ¶óÀ̾ðÆ®°¡ SIG(0) ¼¸íµÈ ¿äû ½ºÆ®¸²À» º¸³» ¸®Á¹¹öÀÇ CPU ¸®¼Ò½º¸¦ °í°¥½Ãų ¼ö ÀÖ½À´Ï´Ù (CVE-2024-1975). - µ¿ÀÏÇÑ È£½ºÆ® À̸§¿¡ ´ëÇØ »ó´çÇÑ ¼öÀÇ RR(¸ðµç RTYPE)À» º¸À¯ÇÏ°í ÀÖ´Â ¸®Á¹¹ö ij½Ã¿Í ±ÇÇÑ ¿µ¿ª µ¥ÀÌÅͺ£À̽º´Â ÄÜÅÙÃ÷°¡ Ãß°¡µÇ°Å³ª ¾÷µ¥ÀÌÆ®µÉ ¶§, ±×¸®°í ÀÌ À̸§¿¡ ´ëÇÑ Å¬¶óÀ̾ðÆ® Äõ¸®¸¦ ó¸®ÇÒ ¶§ ¼º´ÉÀÌ ÀúÇ쵃 ¼ö ÀÖ½À´Ï´Ù (CVE-2024-1737).
* Âü°í »çÀÌÆ®: https://kb.isc.org/docs/cve-2024-4076 https://nvd.nist.gov/vuln/detail/CVE-2024-4076 https://kb.isc.org/docs/cve-2024-1975 https://nvd.nist.gov/vuln/detail/CVE-2024-1975 https://kb.isc.org/docs/cve-2024-1737 https://nvd.nist.gov/vuln/detail/CVE-2024-1737
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû: ISC BIND ¹öÀü 9.16.0 < 9.16.50 Any operating system Any version |
ÇØ°áÃ¥ |
Internet Software Consortium (ISC) À¥ »çÀÌÆ®ÀÎ http://www.isc.org/downloads/BIND/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â BINDÀÇ °¡Àå ÃֽŠ¹öÀü(9.20.0 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
°ü·Ã URL |
CVE-2024-1737, CVE-2024-1975, CVE-2024-4076 (CVE) |
°ü·Ã URL |
103189 (SecurityFocus) |
°ü·Ã URL |
(ISS) |
|