| Ãë¾àÁ¡ID |
23196 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
139 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
Samba |
| »ó¼¼¼³¸í |
ÇØ´ç È£½ºÆ®¿¡´Â 3.0.25 ÀÌÀüÀÇ Samba ¼¹öÀÇ ¾î¶² ¹öÀüÀÌ °¡µ¿ ÁßÀÎ °ÍÀ¸·Î ³ªÅ¸³´Ù. Samba´Â SMB/CIFS Ŭ¶óÀ̾ðÆ®µé¿¡°Ô ¾çÁúÀÇ ÆÄÀÏ ¹× ÇÁ¸°Æ® ¼ºñ½ºµéÀ» Á¦°øÇØ ÁÖ´Â °ø°³ ¼Ò½º ±â¹ÝÀÇ ¹«·á ¼ÒÇÁÆ®¿þ¾îÀÌ´Ù. Samba 3.0.25 ÀÌÀüÀÇ 3.0.x ¹öÀüµéÀº ´ÙÀ½°ú °°Àº ¿ø°Ý ÄÚµå ½ÇÇàÀ» Çã¿ëÇØ ÁÙ ¼ö ÀÖ´Â ´ÙÁßÀÇ Ãë¾àÁ¡µé¿¡ Ãë¾àÇÏ´Ù:
- Local SID/Name Àüȯ(translation)»óÀÇ ¹ö±× (CVE-2007-0452) :±ÇÇÑ »ó½Â
- ´ÙÁßÀÇ Èü ¿À¹öÇ÷οìµé (CVE-2007-0454) :¿ø°Ý ÄÚµå ½ÇÇà
- ÇÊÅ͸µµÇÁö ¾Ê´Â »ç¿ëÀÚ ÀÔ·Â Àμöµé (CVE-2007-0453) :¿ø°Ý ¸í·É ½ÇÇà
* ¾Ë¸²: ¸¸¾à ÀÌ Á¡°ËÇ׸ñÀÌ ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç Samba ¼¹öÀÇ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.samba.org/samba/security/CVE-2007-2444.html
http://www.samba.org/samba/security/CVE-2007-2446.html
http://www.samba.org/samba/security/CVE-2007-2447.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
http://www.zerodayinitiative.com/advisories/ZDI-07-029.html
http://www.zerodayinitiative.com/advisories/ZDI-07-030.html
http://www.zerodayinitiative.com/advisories/ZDI-07-031.html
http://www.zerodayinitiative.com/advisories/ZDI-07-032.html
http://www.zerodayinitiative.com/advisories/ZDI-07-033.html
http://www.kb.cert.org/vuls/id/268336
http://www.kb.cert.org/vuls/id/773720
http://secunia.com/advisories/25232/
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Samba Project, Samba 3.0.25 ÀÌÀüÀÇ 3.0.x ¹öÀüµé
Samba Project, Samba 3.0.25pre(0~2) ¹öÀüµé
Samba Project, Samba 3.0.25rc(0~3) ¹öÀüµé
Linux Any version
Unix Any version |
| ÇØ°áÃ¥ |
Samba À¥ »çÀÌÆ®ÀÎ http://us1.samba.org/samba/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â SambaÀÇ °¡Àå ÃֽŠ¹öÀü(3.0.25 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2007-2444,CVE-2007-2446,CVE-2007-2447 (CVE) |
| °ü·Ã URL |
23972,23973,23974,24195,24196,24197,24198 (SecurityFocus) |
| °ü·Ã URL |
34307,34309,34311,34312,34314,34315,34316 (ISS) |
|
