English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 23204
À§Çèµµ 40
Æ÷Æ® 139
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù Samba
»ó¼¼¼³¸í ÇØ´ç È£½ºÆ®¿¡´Â 3.0.27 ÀÌÀüÀÇ Samba ¼­¹öÀÇ ¾î¶² ¹öÀüÀÌ °¡µ¿ ÁßÀÎ °ÍÀ¸·Î ³ªÅ¸³­´Ù. Samba´Â SMB/CIFS Ŭ¶óÀ̾ðÆ®µé¿¡°Ô ¾çÁúÀÇ ÆÄÀÏ ¹× ÇÁ¸°Æ® ¼­ºñ½ºµéÀ» Á¦°øÇØ ÁÖ´Â °ø°³ ¼Ò½º ±â¹ÝÀÇ ¹«·á ¼ÒÇÁÆ®¿þ¾îÀÌ´Ù. Samba 3.0.27 ÀÌÀüÀÇ 3.0.x ¹öÀüµéÀº ´ÙÀ½°ú °°Àº ¿ø°Ý ÄÚµå ½ÇÇàÀ» Çã¿ëÇØ ÁÙ ¼ö ÀÖ´Â ´ÙÁßÀÇ Ãë¾àÁ¡µé¿¡ Ãë¾àÇÏ´Ù:

- NmbdÀÇ logon ¿äû 󸮿¡¼­ÀÇ ½ºÅà ¹öÆÛ ¿À¹öÇ÷οì Ãë¾àÁ¡ (CVE-2007-4572)
- À̸§ ÁúÀÇ ¿äûµé¿¡ µÚµû¸¥ À̸§ µî·ÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼­ÀÇ Samba WINS ¼­¹ö µ¥¸ó(nmbd)¿¡ ÀÖ´Â ¿ø°Ý ÄÚµå ½ÇÇà Ãë¾àÁ¡ (CVE-2007-5398)

* ¾Ë¸²: ¸¸¾à ÀÌ Á¡°ËÇ׸ñÀÌ ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç Samba ¼­¹öÀÇ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼­ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
http://us1.samba.org/samba/security/CVE-2007-4572.html
http://us1.samba.org/samba/security/CVE-2007-5398.html
http://www.securityfocus.com/archive/1/483744
http://www.securityfocus.com/archive/1/483742
http://www.securityfocus.com/archive/1/483743
http://secunia.com/secunia_research/2007-90/advisory/


* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Samba Project, Samba 3.0.27 ÀÌÀüÀÇ 3.0.x ¹öÀüµé
Linux Any version
Unix Any version
ÇØ°áÃ¥ Samba À¥ »çÀÌÆ®ÀÎ http://us1.samba.org/samba/ ¿¡¼­ ±¸ÇÒ ¼ö ÀÖ´Â SambaÀÇ °¡Àå ÃֽŠ¹öÀü(3.0.27 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
°ü·Ã URL CVE-2007-4572,CVE-2007-5398 (CVE)
°ü·Ã URL 26454,26455 (SecurityFocus)
°ü·Ã URL 38501,38502 (ISS)