| Ãë¾àÁ¡ID |
25075 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
5432 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
DB |
| »ó¼¼¼³¸í |
PostgreSQL ¼¹öÀÇ ¹öÀü Á¤º¸¿¡ µû¸£¸é ÇØ´ç ¼¹ö¿¡´Â authentication bypass Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù. PostgreSQLÀº SQLÀÇ È®Àå ¼ºê¼Â(subset)À» Áö¿øÇÏ´Â °´Ã¼-°ü°èÇü µ¥ÀÌÅͺ£À̽º °ü¸® ½Ã½ºÅÛ(DBMS) ·Î¼ ¸ðµç ¼Ò½º°¡ °ø°³µÇ¾î ÀÖ´Â ¹«·á ¼ÒÇÁÆ®¿þ¾îÀÌ´Ù.
PostgreSQL ¼¹ö°¡ LDAP ÀÎÁõÀ» »ç¿ëÇÏ°í, anonymous binds ¸¦ Çã¿ëÇÑ´Ù¸é, Blank password ¸¦ ÅëÇÏ¿© ·Î±×ÇÒ¼öÀÖÀ¸¸ç, ¿ø°Ý °ø°ÝÀÚ´Â ÀÌ Ãë¾àÁ¡À» ÀÌ¿ëÇÏ¿© administrator ±ÇÇÑÀ» ȹµæÇÒ¼ö ÀÖ´Ù.
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç PostgreSQL ¼¹öÀÇ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.postgresql.org/about/news.1135
http://www.postgresql.org/support/security
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
PostgreSQL 8.2.14/8.3.8 ÀÌÀüÀÇ ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
PostgreSQL À¥ ÆäÀÌÁöÀÎ http://www.postgresql.org/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â PostgreSQLÀÇ °¡Àå ÃֽŠ¹öÀü(8.2.14/8.3.8 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2009-3231 (CVE) |
| °ü·Ã URL |
36314 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
