English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 210252
À§Çèµµ 40
Æ÷Æ® 80, ...
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù WWW
»ó¼¼¼³¸í ¿ø°Ý È£½ºÆ®¿¡ ¼³Ä¡µÈ OpenSSLÀº 1.1.1p ÀÌÀü ¹öÀüÀÔ´Ï´Ù. µû¶ó¼­ 1.1.1p ±Ç°í¿¡ ¼³¸íµÈ Ãë¾àÁ¡ÀÇ ¿µÇâÀ» ¹Þ½À´Ï´Ù.

- CVE-2022-1292 ¿¡¼­ ½Äº°µÈ c_rehash shell ¸í·É ÀÎÁ§¼Ç ¿Ü¿¡µµ, c_rehash ½ºÅ©¸³Æ®°¡ Ä¿¸Çµå ÀÎÁ§¼ÇÀ» ¹æÁöÇϱâ À§ÇÑ shell ¸ÞŸ ¹®ÀÚ¸¦ ÀûÀýÇÏ°Ô »èÁ¦ÇÏÁö ¾Ê´Â Ãß°¡ Ãë¾àÁ¡ÀÌ Äڵ帮ºä Áß È®ÀεǾú´Ù. (CVE-2022-1292)ÀÌ ÆÐÄ¡ µÉ ¶§ ±îÁö ÇØ´ç ¹®Á¦Á¡Àº ¹ß°ßµÇÁö ¾Ê¾Ò±â ¶§¹®¿¡, ÀáÀçµÈ Ãë¾àÁ¡À» ÅëÇÏ¿© ½ºÅ©¸³Æ® ±ÇÇÑÀ¸·Î ÀÓÀÇ ¸í·É½ÇÇà À» ÇÒ ¼ö ÀÖ°Ô µÈ °ÍÀÌ´Ù. ÀÌ ½ºÅ©¸³Æ®´Â ÀϺΠ¿î¿µ üÁ¦¿¡¼­ ÀÚµ¿À¸·Î ½ÇÇàµÇ´Â ¹æ½ÄÀ¸·Î ¹èÆ÷µË´Ï´Ù. ÀÌ·¯ÇÑ ¿î¿µ üÁ¦¿¡¼­ °ø°ÝÀÚ´Â ½ºÅ©¸³Æ®ÀÇ ±ÇÇÑÀ¸·Î ÀÓÀÇÀÇ ¸í·ÉÀ» ½ÇÇàÇÒ ¼ö ÀÖ½À´Ï´Ù. c_rehash ½ºÅ©¸³Æ®´Â »ç¿ëµÇÁö ¾Ê´Â °ÍÀ¸·Î °£ÁֵǸç OpenSSL rehash ¸í·ÉÁÙ µµ±¸·Î ¹Ù²ã¾ß ÇÕ´Ï´Ù. OpenSSL 3.0.4¿¡¼­ ¼öÁ¤µÇ¾ú½À´Ï´Ù(3.0.0, 3.0.1, 3.0.2 ¹× 3.0.3ÀÌ ¿µÇâÀ» ¹ÞÀ½). OpenSSL 1.1.1p¿¡¼­ ¼öÁ¤µÇ¾ú½À´Ï´Ù(1.1.1-1.1.1o°¡ ¿µÇâÀ» ¹ÞÀ½). OpenSSL 1.0.2zf¿¡¼­ ¼öÁ¤µÇ¾ú½À´Ï´Ù(1.0.2-1.0.2ze°¡ ¿µÇâÀ» ¹ÞÀ½). (CVE-2022-2068)

* Âü°í »çÀÌÆ®:
https://cve.org/CVERecord?id=CVE-2022-2068
https://github.com/openssl/openssl/commit/9639817dac8bbbaa64d09efad7464ccc405527c7
https://www.openssl.org/news/secadv/20220621.txt

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
1.1.1p ÀÌÀüÀÇ OpenSSL 1.1.1 ¹öÀüµé
Linux Any version
Unix Any version
Microsoft Windows Any version
ÇØ°áÃ¥ OpenSSL À¥ »çÀÌÆ®ÀÎ http://www.openssl.org/ ¿¡¼­ ±¸ÇÒ ¼ö ÀÖ´Â OpenSSLÀÇ °¡Àå ÃֽŠ¹öÀü(1.1.1p ¶Ç´Â ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
°ü·Ã URL CVE-2022-2068 (CVE)
°ü·Ã URL (SecurityFocus)
°ü·Ã URL (ISS)