English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 23314
À§Çèµµ 30
Æ÷Æ® 139
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù Samba
»ó¼¼¼³¸í ¿ø°Ý È£½ºÆ®¿¡¼­ ½ÇÇàµÇ´Â SambaÀÇ ¹öÀüÀº 4.10.17 ÀÌÀü 4.x, 4.11.11 ÀÌÀü 4.11.x ¶Ç´Â 4.12.4 ÀÌÀü 4.12.xÀÔ´Ï´Ù. µû¶ó¼­ ´ÙÀ½À» Æ÷ÇÔÇÑ ¿©·¯ Ãë¾àÁ¡ÀÇ ¿µÇâÀ»¹Þ½À´Ï´Ù.

-Samba 4.0ÀÇ AD DC NBT ¼­¹ö´Â CPU ½ºÇÉ¿¡ µé¾î°¡°í Æ÷Æ® 137¿¡ ºñ¾îÀÖ´Â ±æÀÌ°¡ 0 ÀÎ UDP ÆÐŶÀ» ¼ö½ÅÇϸé Ãß°¡ ¿äûÀ» ó¸®ÇÏÁö ¾Ê½À´Ï´Ù. (CVE-2020-14303)

-TCP / IP À̸§ È®ÀÎÀ» ÅëÇÑ NetBIOS¿¡ ´ëÇÑ ÀÀ´ä ¾ÐÃà ¹× UDP ÆÐŶÀ¸·Î Á¦°ø µÉ ¼öÀÖ´Â DNS ÆÐŶÀÌ Samba AD DC¿¡¼­ °úµµÇÑ ¾çÀÇ CPU¸¦ ¼ÒºñÇϱâ À§ÇØ ³²¿ë µÉ ¼ö ÀÖ½À´Ï´Ù. CVE-2020-10745)

-AD DCÀÇ ±Û·Î¹ú Ä«Å»·Î±× LDAP ¼­¹ö¿¡ ´ëÇØ paged_results ¶Ç´Â VLV ÄÁÆ®·ÑÀ» »ç¿ëÇϸé ÇØÁ¦ ÈÄ »ç¿ëÀÌ ¹ß»ýÇÕ´Ï´Ù. (CVE-2020-10760)

* Âü°í »çÀÌÆ®:
https://www.samba.org/samba/security/CVE-2020-10730.html
https://www.samba.org/samba/security/CVE-2020-10760.html
https://www.samba.org/samba/security/CVE-2020-10745.html
https://www.samba.org/samba/security/CVE-2020-14303.html
https://www.samba.org/samba/latest_news.html#4.12.4

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Samba Project, Samba versions 4.10.17 ÀÌÀüÀÇ 4.10.x ¹öÀüµé
Linux Any version
Unix Any version
ÇØ°áÃ¥ Samba À¥ »çÀÌÆ®ÀÎ https://www.samba.org/samba/download/¿¡¼­ ±¸ÇÒ ¼ö ÀÖ´Â SambaÀÇ °¡Àå ÃֽŠ¹öÀü (4.10.17 ȤÀº ÀÌÈÄ ¹öÀü)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
°ü·Ã URL CVE-2020-10730,CVE-2020-10745,CVE-2020-10760,CVE-2020-14303 (CVE)
°ü·Ã URL (SecurityFocus)
°ü·Ã URL (ISS)