Vulnerability ID: 50097
Risk level: 40
Port: 139,445
Protocol: TCP
Category: SMB
Description: A 2.0.x version of Wireshark prior to 2.0.5 is installed on the remote host and is affected by the following vulnerabilities.

- A denial-of-service vulnerability exists in the CORBA IDL dissector due to improper handling of packets. An unauthenticated remote attacker can crash the application via a crafted packet or packet trace file. This vulnerability exists only on 64-bit versions of Windows. (CVE-2016-6503)

- A divide-by-zero error in the dissect_pbb_tlvblock() function in packet-packetbb.c results in a denial-of-service vulnerability. (CVE-2016-6505)

- In packet_wsp.c, a flaw exists in the add_headers() function when the wkh_content_disposition() function returns an offset of zero, which can result in a denial of service or an infinite loop. (CVE-2016-6506)

- The rlc_decode_li() function in packet-rlc.c uses an incorrect integer type, which can result in a denial-of-service condition. This can cause excessive CPU consumption or a denial of service. (CVE-2016-6508)

- A denial-of-service vulnerability exists in the dissect_ldss_transfer() function in packet-ldss.c. (CVE-2016-6509)

- An overflow exists in the rlc_decode_li() function in packet-rlc.c. (CVE-2016-6510)

- A denial-of-service vulnerability exists in the proto_tree_add_text_valist_internal() function in proto.c due to improper handling of packets. This can cause excessive CPU consumption or a denial of service. (CVE-2016-6511)

- Multiple flaws exist in the MMSE, WAP, WBXML, and WSP dissectors due to improper handling of packets. (CVE-2016-6512)

- A denial-of-service vulnerability exists in the parse_wbxml_tag_defined() function in packet-wbxml.c. (CVE-2016-6513)

* Note: This check requires an account with administrator privileges that can log in to the host being checked. If this condition is not met, the check cannot be performed and may produce false negatives for all vulnerable hosts.

* References:
https://www.wireshark.org/security/wnpa-sec-2016-39.html
https://www.wireshark.org/security/wnpa-sec-2016-41.html
https://www.wireshark.org/security/wnpa-sec-2016-42.html
https://www.wireshark.org/security/wnpa-sec-2016-44.html
https://www.wireshark.org/security/wnpa-sec-2016-45.html
https://www.wireshark.org/security/wnpa-sec-2016-46.html
https://www.wireshark.org/security/wnpa-sec-2016-47.html
https://www.wireshark.org/security/wnpa-sec-2016-48.html
https://www.wireshark.org/security/wnpa-sec-2016-49.html
https://www.wireshark.org/docs/relnotes/wireshark-2.0.5.html

* Affected platforms:
Wireshark 2.0.x versions prior to 2.0.5
Microsoft Windows, all versions
Solution: Upgrade to the latest version of Wireshark (2.0.5 or later), available from the Wireshark web site at http://www.wireshark.org/download/win32/all-versions/.
Related URL: CVE-2016-6503,CVE-2016-6505,CVE-2016-6506,CVE-2016-6508,CVE-2016-6509,CVE-2016-6510,CVE-2016-6511,CVE-2016-6512,CVE-2016-6513 (CVE)
Related URL: 92162,92163,92165,92166,92168,92169,92172,92173,92174 (SecurityFocus)
Related URL: (ISS)