English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 22553
À§Çèµµ 30
Æ÷Æ® 80, ...
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù WWW
»ó¼¼¼³¸í ¹è³ÊÁ¤º¸¿¡ µû¸£¸é ¿ø°ÝÀÇ À¥ ¼­¹ö¿¡´Â 0.9.8x ÀÌÀüÀÇ OpenSSL ¹öÀüÀÌ ½ÇÇàµÇ°í ÀÖ´Ù. ÇØ´ç ¹öÀüÀº ¼­ºñ½º °ÅºÎ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.

'ssl/d1_enc.c' ÆÄÀÏÀÇ 'dtls1_enc'ÇÔ¼ö¿¡ Á¤¼ö integer underflow Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.
CBC ¸ðµå¿¡¼­ TLS/DTLS ·¹ÄÚµå ±æÀÌ¿Í º¤ÅͱæÀÌ°¡ Á¦´ë·Î ´Ù·ç¾î ÁöÁö ¾Ê¾Æ memory corruptionÀÌ Á¸ÀçÇϸç Å©·¡½¬ µÉ ¼ö ÀÖ´Ù.

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç ¼­¹öÀÇ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼­ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
http://openssl.org/news/secadv_20120510.txt
http://www.openssl.org/news/changelog.html
http://cvs.openssl.org/chngview?cn=22547
https://bugzilla.redhat.com/show_bug.cgi?id=820686

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
0.9.8x ÀÌÀüÀÇ OpenSSL 0.9.8
ÇØ°áÃ¥ OpenSSL À¥ »çÀÌÆ®ÀÎ http://www.openssl.org/ ¿¡¼­ ±¸ÇÒ ¼ö ÀÖ´Â OpenSSLÀÇ °¡Àå ÃֽŠ¹öÀü(0.9.8x ¶Ç´Â ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
°ü·Ã URL CVE-2012-2333 (CVE)
°ü·Ã URL 53476 (SecurityFocus)
°ü·Ã URL (ISS)