[
°ø Áö
] Intel Æß¿þ¾î Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í
2017-11-23
¾È³çÇϽʴϱî. È£½ºÆ®¸ÕÆ®ÀÔ´Ï´Ù.
¸ÕÀú È£½ºÆ®¸ÕÆ®¸¦ ¾Æ²¸ÁÖ½Ã°í »ç¶ûÇØ Áֽô °í°´ ¿©·¯ºÐ²² Áø½ÉÀ¸·Î °¨»çµå¸®¸ç
Intel Æß¿þ¾î Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í°¡ ÀÖ¾î À̸¦ ¾Ë·Áµå¸®°íÀÚ ÇÕ´Ï´Ù.
---------------------------------------------------------------------------
¡à °³¿ä
o IntelÞä´Â ÀÚ»ç Á¦Ç°¿¡¼ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ®¸¦ ¹ßÇ¥ [1]
o ¿µÇâ ¹Þ´Â ¹öÀü »ç¿ëÀÚ´Â ÇØ°á¹æ¾È¿¡ µû¶ó ÃֽŹöÀüÀ¸·Î ¾÷µ¥ÀÌÆ® ±Ç°í
¡à ³»¿ë
o ÀÎÅÚ¢ç °ü¸® ¿£Áø(Intel¢ç ME)
- Ä¿³Î¿¡¼ ¹öÆÛ¿À¹öÇ÷οì·Î ÀÎÇÑ ÀÓÀÇ ÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2017-5705)
- Ä¿³Î¿¡¼ ¹ß»ýÇÏ´Â ±ÇÇÑ »ó½Â Ãë¾àÁ¡(CVE-2017-5708)
- AMT¿¡¼ ¹öÆÛ¿À¹öÇ÷οì·Î ÀÎÇÑ ÀÓÀÇ ÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2017-5711, CVE-2017-5712)
¡Ø AMT (Active Management Technology) : ¿ø°Ý À¯Áöº¸¼ö ¹× ¹«¼± °ü¸® µîÀ» ¼öÇàÇÏ´Â ±â¼ú
o ÀÎÅÚ¢ç ¼¹ö Ç÷§Æû ¼ºñ½º(Intel¢ç SPS)
- Ä¿³Î¿¡¼ ¹öÆÛ¿À¹öÇ÷οì·Î ÀÎÇÑ ÀÓÀÇ ÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2017-5706)
- Ä¿³Î¿¡¼ ¹ß»ýÇÏ´Â ±ÇÇÑ »ó½Â Ãë¾àÁ¡(CVE-2017-5709)
o ÀÎÅÚ¢ç ½Å·Ú ½ÇÇà ¿£Áø(Intel¢ç TXE)
- Ä¿³Î¿¡¼ ¹öÆÛ¿À¹öÇ÷οì·Î ÀÎÇÑ ÀÓÀÇ ÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2017-5707)
- Ä¿³Î¿¡¼ ¹ß»ýÇÏ´Â ±ÇÇÑ »ó½Â Ãë¾àÁ¡ (CVE-2017-5710)
¡à ¿µÇâÀ» ¹Þ´Â Á¦Ç° ¹× ¹öÀü
o Âü°í»çÀÌÆ®[1] ¿¡ ¸í½ÃµÇ¾î ÀÖ´Â ¡®Affected Products¡¯À» ÅëÇØ Ãë¾àÇÑ Á¦Ç° È®ÀÎ
¡à ÇØ°á ¹æ¾È
o Intel ME, TXE, SPS »ç¿ëÀÚ´Â ÀÎÅÚ °Ë»ö µµ±¸( Âü°í»çÀÌÆ® [2])¸¦ »ç¿ëÇÏ¿© ÇØ´ç Ãë¾àÁ¡¿¡ Ãë¾àÇÑÁö È®ÀÎ ÈÄ ¾÷µ¥ÀÌÆ® ¼öÇà
o º¸¾È ¾÷µ¥ÀÌÆ®°¡ °ø°³µÈ ¿î¿µÃ¼Á¦¸¦ ¿î¿µÇÏ°í ÀÖÀ» °æ¿ì, Âü°í »çÀÌÆ®[]ÀÇ ³»¿ëÀ» ÂüÁ¶ÇÏ¿© º¸¾È ¾÷µ¥ÀÌÆ® È®ÀÎ ¹× ¼³Ä¡
- Acer[3]
- Dell Client[4]
- Dell Server[5]
- Fujitsu[6]
- HPE Servers[7]
- Lenovo[8]
- Panasonic[9]
¡à ±âŸ ¹®ÀÇ»çÇ×
o Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ: ±¹¹ø¾øÀÌ 118
[Âü°í»çÀÌÆ®]
[1]
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr&_ga=2.147127473.74753197.1511420584-1413380157.1511420584
[2]
https://downloadcenter.intel.com/download/27150
[3]
https://us.answers.acer.com/app/answers/detail/a_id/51890
[4]
http://www.dell.com/support/article/kr/ko/krdhs1/sln308237/dell-client-statement-on-intel-me-txe-advisory--intel-sa-00086-?lang=en
[5]
http://www.dell.com/support/article/kr/ko/krdhs1/qna44242/dell-server-statement-on-intel-me-txe-advisory--intel-sa-00086-?lang=en
[6]
http://www.fujitsu.com/global/support/products/software/security/products-f/itsa-00086e.html
[7]
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00036596en_us
[8]
https://support.lenovo.com/kr/ko/product_security/len-17297
[9]
http://pc-dl.panasonic.co.jp/itn/info/osinfo20171121.html
---------------------------------------------------------------------------
Áñ°Å¿òÀÌ Àִ ȣ½ºÆà ¼ºñ½º [ È£½ºÆ®¸ÕÆ® ]