English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 26005
À§Çèµµ 40
Æ÷Æ® 139,445
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù SMB
»ó¼¼¼³¸í 'Multiple UNC Provider¿¡ ÀÖ´Â ¹öÆÛ ¿À¹öÇ÷οì'¿¡ ´ëÇÑ Hotfix°¡ ¼³Ä¡µÇÁö ¾Ê¾Ò´Ù. Multiple UNC ¸¶ÀÌÅ©·Î¼ÒÇÁÆ® À©µµ¿ìÁî ¿î¿µÃ¼Á¦ÀÇ Multiple UNC Provider (MUP)¿¡ ÀÖ´Â ¹öÆÛ ¿À¹öÇ÷οì´Â ·ÎÄà »ç¿ëÀÚµéÀÇ ±ä UNC ¿äûÀ» ÅëÇØ ¼­ºñ½º °ÅºÎ °ø°ÝÀ» ÇÒ ¼ö ÀÖ°Ô ÇØ Áְųª SYSTEM ±ÇÇÑÀ» ȹµæÇÏ°Ô ÇØ ÁÙ ¼ö ÀÖ´Ù.
Multiple UNC Provider (MUP)´Â UNC (uniform naming convention)¸¦ ÅëÇØ ½Äº°µÇ´Â ³×Æ®¿öÅ© ÀÚ¿øµéÀÇ À§Ä¡¸¦ ÆľÇÇØ ÁÖ´Â À©µµ¿ìÁî ¼­ºñ½ºÀÌ´Ù. MUP°¡ ¾ÖÇø®ÄÉÀ̼ǵé·ÎºÎÅÍ UNC ¸íµéÀ» Æ÷ÇÔÇÑ ¸í·ÉµéÀ» ¹ÞÀ¸¸é °¢°¢ÀÇ µî·ÏµÈ UNC provider, LAN Manager workstation, ±×¸®°í ¼³Ä¡µÇ¾î ÀÖ´Â ´Ù¸¥ ¾î¶² °Íµé¿¡°Ô ±× UNC ¸íÀ» º¸³½´Ù. ¾î¶² Provider°¡ ÀÚ½ÅÀÇ °ÍÀ¸·Î¼­ UNC ¸íÀ» ÀνÄÇÒ ¶§, MUP´Â ÀÚµ¿ÀûÀ¸·Î ±× UNC ¸í¿¡ ´ëÇÑ ¹Ì·¡ÀÇ ÀνºÅϽºµéÀº ±× Provider·Î Redirect ÇÑ´Ù.

MUP°¡ ÆÄÀÏ ¿äûÀ» ¹ÞÀ¸¸é ±× ¿äûÀ» ÀúÀåÇØ µÑ ¹öÆÛ¸¦ ÇÒ´çÇÑ´Ù. ÀÌ Ã¹¹ø° ¹öÆÛ¿¡ ´ëÇؼ­´Â ÀûÀýÇÏ°Ô ÀԷ üŷÀ» ÇÑ´Ù. ±×·±µ¥ MUP´Â ÀÌ ¿äûÀ» redirector·Î º¸³»±â À§ÇØ ¹öÆÛ¿¡ ÀÖ´Â ÆÄÀÏ ¿äû¿¡ ´ëÇÑ ¶Ç´Ù¸¥ º¹»çº»À» ÀúÀåÇÑ´Ù. ÀÌ µÎ¹ø° ¹öÆÛÀÇ º¹»çº»Àº ¿Ã¹Ù¸£°Ô ÀÔ·ÂÀ» üũÇÏÁö ¸øÇÑ´Ù. °á±¹ ±ÇÇÑÀÌ ¾ø´Â ÇÁ·Î¼¼½º¿¡¼­ÀÇ ÀÚ¿ø ¿äûÀÌ ¹öÆÛ ¿À¹öÇ÷ο츦 ÀÏÀ¸Å³ ¼ö ÀÖµµ·Ï ÇØ ÁØ´Ù. ¹öÆÛ ¿À¹öÇ÷οì´Â µÎ°¡Áö ¸ñÀû, Áï ½Ã½ºÅÛ Á¤Áö³ª Local System ±ÇÇÑÀ¸·Î ½Ã½ºÅÛ »óÀÇ ÀÓÀÇÀÇ ¸í·É ¼öÇàÀ» ¸ñÀûÀ¸·Î µµ¿ëµÉ ¼ö ÀÖ´Ù.

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº Á¡°ËÇϱâ À§ÇÑ ¿ø°ÝÁö È£½ºÆ®ÀÇ ·¹Áö½ºÆ®¸®¸¦ ¾×¼¼½ºÇÒ ¼ö ÀÖ´Â Guest ȤÀº ±× ÀÌ»óÀÇ ±ÇÇÑÀ» °¡Áø °èÁ¤À» ÇÊ¿ä·Î ÇÑ´Ù. ÀÌ·¯ÇÑ Á¶°ÇÀÌ ¾ÈµÇ¸é Á¡°ËÀ» ¼öÇàÇÒ ¼ö ¾øÀ¸¸ç ¸ðµç Ãë¾àÇÑ È£½ºÆ®µé¿¡ ´ëÇؼ­ °ÅÁþ À½¼º¹ÝÀÀ(False Negative)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
http://www.microsoft.com/technet/security/bulletin/ms02-017.asp
http://www.iss.net/security_center/static/8752.php

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Microsoft Windows NT 4.0 Workstation
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Enterprise Edition
Microsoft Windows NT 4 Terminal Server Edition
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows XP Professional
ÇØ°áÃ¥ ´ÙÀ½ ´Ù¿î·Îµå Àå¼ÒÀÇ ¸®½ºÆ®¸¦ ÂüÁ¶ÇÏ¿© Áï½Ã ½Ã½ºÅÛ¿¡ ÀûÀýÇÑ ÆÐÄ¡¸¦ ¼³Ä¡ÇÏ¿©¾ß ÇÑ´Ù:

o Windows NT 4.0:
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=4569

o Windows NT 4.0 Terminal Server Edition: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=8072

o Windows 2000:
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=12907

o Windows XP:
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=14858

o Windows XP 64-bit Edition: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=11232
°ü·Ã URL CVE-2002-0151 (CVE)
°ü·Ã URL (SecurityFocus)
°ü·Ã URL (ISS)