Ãë¾àÁ¡ID |
23204 |
À§Çèµµ |
40 |
Æ÷Æ® |
139 |
ÇÁ·ÎÅäÄÝ |
TCP |
ºÐ·ù |
Samba |
»ó¼¼¼³¸í |
ÇØ´ç È£½ºÆ®¿¡´Â 3.0.27 ÀÌÀüÀÇ Samba ¼¹öÀÇ ¾î¶² ¹öÀüÀÌ °¡µ¿ ÁßÀÎ °ÍÀ¸·Î ³ªÅ¸³´Ù. Samba´Â SMB/CIFS Ŭ¶óÀ̾ðÆ®µé¿¡°Ô ¾çÁúÀÇ ÆÄÀÏ ¹× ÇÁ¸°Æ® ¼ºñ½ºµéÀ» Á¦°øÇØ ÁÖ´Â °ø°³ ¼Ò½º ±â¹ÝÀÇ ¹«·á ¼ÒÇÁÆ®¿þ¾îÀÌ´Ù. Samba 3.0.27 ÀÌÀüÀÇ 3.0.x ¹öÀüµéÀº ´ÙÀ½°ú °°Àº ¿ø°Ý ÄÚµå ½ÇÇàÀ» Çã¿ëÇØ ÁÙ ¼ö ÀÖ´Â ´ÙÁßÀÇ Ãë¾àÁ¡µé¿¡ Ãë¾àÇÏ´Ù:
- NmbdÀÇ logon ¿äû 󸮿¡¼ÀÇ ½ºÅà ¹öÆÛ ¿À¹öÇ÷οì Ãë¾àÁ¡ (CVE-2007-4572) - À̸§ ÁúÀÇ ¿äûµé¿¡ µÚµû¸¥ À̸§ µî·ÏÀ» ó¸®ÇÏ´Â °úÁ¤¿¡¼ÀÇ Samba WINS ¼¹ö µ¥¸ó(nmbd)¿¡ ÀÖ´Â ¿ø°Ý ÄÚµå ½ÇÇà Ãë¾àÁ¡ (CVE-2007-5398)
* ¾Ë¸²: ¸¸¾à ÀÌ Á¡°ËÇ׸ñÀÌ ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç Samba ¼¹öÀÇ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®: http://us1.samba.org/samba/security/CVE-2007-4572.html http://us1.samba.org/samba/security/CVE-2007-5398.html http://www.securityfocus.com/archive/1/483744 http://www.securityfocus.com/archive/1/483742 http://www.securityfocus.com/archive/1/483743 http://secunia.com/secunia_research/2007-90/advisory/
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû: Samba Project, Samba 3.0.27 ÀÌÀüÀÇ 3.0.x ¹öÀüµé Linux Any version Unix Any version |
ÇØ°áÃ¥ |
Samba À¥ »çÀÌÆ®ÀÎ http://us1.samba.org/samba/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â SambaÀÇ °¡Àå ÃֽŠ¹öÀü(3.0.27 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
°ü·Ã URL |
CVE-2007-4572,CVE-2007-5398 (CVE) |
°ü·Ã URL |
26454,26455 (SecurityFocus) |
°ü·Ã URL |
38501,38502 (ISS) |
|