Vulnerability ID |
23251 |
Risk level |
30 |
Port |
139 |
Protocol |
TCP |
Category |
Samba |
Detailed description |
The remote host is running a 4.2.x version of Samba prior to 4.2.14. This version contains a flaw in libcli/smb/smbXcli_base.c in the handling of SMB2 and SMB3 client connections. As a result, an attacker can attempt a man-in-the-middle attack by impersonating an SMB2 or SMB3 server and injecting the SMB2_SESSION_FLAG_IS_GUEST or SMB2_SESSION_FLAG_IS_NULL flag to downgrade the signing required for the client connection.
* Note: This check tests for the vulnerability only by examining the version information of the Samba server. It may therefore produce a false positive.
* References: https://www.samba.org/samba/security/CVE-2016-2119.html http://www.samba.org/samba/history/samba-4.2.14.html
* Affected platforms: Samba Project, Samba 4.2.x versions prior to 4.2.14; Linux, any version; Unix, any version |
Solution |
Upgrade to the latest version of Samba (4.2.14 or later), available from the Samba website at https://www.samba.org/samba/download/. |
Related URL |
CVE-2016-2119 (CVE) |
Related URL |
91700 (SecurityFocus) |
Related URL |
(ISS) |
|