Ãë¾àÁ¡ID |
22667 |
À§Çèµµ |
30 |
Æ÷Æ® |
80, ... |
ÇÁ·ÎÅäÄÝ |
TCP |
ºÐ·ù |
WWW |
»ó¼¼¼³¸í |
¹è³ÊÁ¤º¸¿¡ µû¸£¸é ¿ø°ÝÀÇ À¥ ¼¹ö¿¡´Â 1.0.0r ÀÌÀüÀÇ OpenSSL ¹öÀüÀÌ ½ÇÇàµÇ°í ÀÖ´Ù. ÇØ´ç ¹öÀüÀº ´ÙÁß Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.
- ec_asn1.c ÆÄÀÏÀÇ d2i_ECPrivateKey ÇÔ¼ö¿¡ Use-after-free ¿¡·¯°¡ Á¸ÀçÇÏ¿© ¼ºñ½º °ÅºÎ°¡ ¹ß»ýÇÒ ¼ö ÀÖ´Ù. (CVE-2015-0209)
- a_type.c ÆÄÀÏÀÇ ASN1_TYPE_cmp ÇÔ¼ö¿¡¼ BOOLÇü ºñ±³¸¦ ¿Ã¹Ù¸£°Ô ¼öÇàÇÏÁö ¾Ê¾Æ ¼ºñ½º °ÅºÎ°¡ ¹ß»ýÇÒ ¼ö ÀÖ´Ù. (CVE-2015-0286)
- tasn_dec.c ÆÄÀÏÀÇ ASN1_item_ex_d2i ÇÔ¼ö¿¡¼ CHOICE¿Í ADB µ¥ÀÌÅÍ ±¸Á¶¸¦ ´Ù½Ã ÃʱâÈ ÇÏÁö ¾Ê¾Æ ¼ºñ½º °ÅºÎ°¡ ¹ß»ýÇÒ ¼ö ÀÖ´Ù. (CVE-2015-0287)
- x509_req.c ÆÄÀÏÀÇ X509_to_X509_REQ ÇÔ¼ö¿¡¼ ÀÎÁõÅ°¸¦ ¿Ã¹Ù¸£°Ô ó¸®ÇÏÁö ¸øÇØ ¼ºñ½º °ÅºÎ°¡ ¹ß»ýÇÒ ¼ö ÀÖ´Ù. (CVE-2015-0288)
- PKCS#7 ÆÄ½Ì ½Ã ¿ÜºÎ ÄÜÅÙÃ÷ Á¤º¸°¡ ºüÁ®ÀÖ´Â °æ¿ì¸¦ ¿Ã¹Ù¸£°Ô ó¸®ÇÏÁö ¸øÇØ ¼ºñ½º °ÅºÎ°¡ ¹ß»ýÇÒ ¼ö ÀÖ´Ù. (CVE-2015-0289)
- CLIENT-MASTER-KEY ¸Þ½ÃÁö¸¦ ¿Ã¹Ù¸£°Ô ó¸®ÇÏÁö ¸øÇÏ¿© SSLv2 ½ÇÇà ½Ã ¼ºñ½º °ÅºÎ°¡ ¹ß»ýÇÒ ¼ö ÀÖ´Ù. (CVE-2015-0293)
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç ¼¹öÀÇ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®: https://www.openssl.org/news/secadv_20150319.txt
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû: 1.0.0r ÀÌÀüÀÇ OpenSSL 1.0.0 |
ÇØ°áÃ¥ |
OpenSSL À¥ »çÀÌÆ®ÀÎ http://www.openssl.org/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â OpenSSLÀÇ °¡Àå ÃֽŠ¹öÀü(1.0.0r ¶Ç´Â ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
°ü·Ã URL |
CVE-2015-0209,CVE-2015-0286,CVE-2015-0287,CVE-2015-0288,CVE-2015-0289,CVE-2015-0293,CVE-2016-0703,CVE-2016-0704 (CVE) |
°ü·Ã URL |
73225,73227,73231,73232,73237,73239 (SecurityFocus) |
°ü·Ã URL |
(ISS) |
|