Ãë¾àÁ¡ID |
22767 |
À§Çèµµ |
40 |
Æ÷Æ® |
80, ... |
ÇÁ·ÎÅäÄÝ |
TCP |
ºÐ·ù |
WWW |
»ó¼¼¼³¸í |
¹è³Ê Á¤º¸¿¡ ÀÇÇÏ¸é ¿ø°Ý È£½ºÆ®¿¡ OpenSSL 1.0.2k ÀÌÀüÀÇ 1.0.2 ¾î¶² ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖÀ¸¸ç ´ÙÀ½ÀÇ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.
- ±æÀÌ°¡ ³ª´©¾î ¶³¾îÁöÁö¸¸ 256ºñÆ®º¸´Ù Å« ÀÔ·ÂÀ» ó¸®ÇÒ ¶§ Broadwell-specific Montgomery °ö¼À ÀýÂ÷¿¡¼ ¿À·ù°¡ ¹ß»ýÇÑ´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀÚ´Â ECDH Å° Çù»óÀ» ¿Ã¹Ù¸£°Ô ÇÏÁö ¸øÇÏ°Ô ÇÏ¿© man-in-the-middle °ø°ÝÀ» ¼öÇàÇÒ ¼ö ÀÖ´Ù. (CVE-
2016-7055)
- CHACHA20/POLY1305 ¶Ç´Â RC4-MD5 ¾ÏÈ£¸¦ »ç¿ëÇÑ ÆÐŶÀ» ó¸®ÇÒ ¶§ ¸Þ¸ð¸®ÀÇ °æ°è¸¦ ¹þ¾î³ °÷À» ÀоîµéÀÌ´Â ¿À·ù°¡ ¹ß»ýÇÑ´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀÚ´Â ¼ºñ½º °ÅºÎ¸¦ ÀÏÀ¸Å³ ¼ö ÀÖ´Ù. (CVE-2017-3731)
- Montgomery Á¦°ö ½ÇÇà ½Ã Carry-Propagate ¿À·ù°¡ ¹ß»ýÇÏ¿© BN_mod_exp() ÇÔ¼ö¿¡¼ À߸øµÈ °á°ú°¡ »ý¼ºµÈ´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀÚ´Â °³ÀÎÅ°¿Í °ü·ÃµÈ ¹Î°¨ÇÑ Á¤º¸¸¦ ȹµæÇÒ ¼ö ÀÖ´Ù. (CVE-2017-3732)
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®: https://www.openssl.org/news/secadv/20170126.txt
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû: 1.0.2k ÀÌÀüÀÇ OpenSSL 1.0.2 Linux Any version Unix Any version Microsoft Windows Any version |
ÇØ°áÃ¥ |
OpenSSL À¥ »çÀÌÆ®ÀÎ http://www.openssl.org/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â OpenSSLÀÇ °¡Àå ÃֽŠ¹öÀü(1.0.2k ¶Ç´Â ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
°ü·Ã URL |
CVE-2016-7055,CVE-2017-3731,CVE-2017-3732 (CVE) |
°ü·Ã URL |
94242,95813,95814 (SecurityFocus) |
°ü·Ã URL |
(ISS) |
|