[ Notice ] OpenSSL Library Vulnerability Security Update Advisory

2014-04-09

Hello. This is Hostment.
First, we sincerely thank all of our customers for their continued support of Hostment.
We are writing to inform you of a security update advisory for a vulnerability in the OpenSSL library.
---------------------------------------------------------------------------
Overview
•A security update has been released that fixes an information disclosure vulnerability in the OpenSSL library [1][2]
•An attacker who exploits this vulnerability can leak information held in server memory
Description
•A security update fixing one vulnerability in OpenSSL has been released
◦A vulnerability that can leak information from the server (CVE-2014-0160)
Affected systems
•Affected software
◦OpenSSL 1.0.1 ~ OpenSSL 1.0.1f
◦OpenSSL 1.0.2-beta, OpenSSL 1.0.2-beta1
•Unaffected software
◦OpenSSL 1.0.0 series versions
◦OpenSSL 0.9.x series versions
Resolution
•Users of versions affected by this vulnerability
◦Upgrade to OpenSSL 1.0.1g (http://www.openssl.org/source/)
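
A version check against the lists in this notice, as an added example that is not part of the original notice. `classify_openssl` is a hypothetical helper name, the sample lines are constructed, and any version the notice does not list is reported as unknown.

```shell
#!/bin/sh
# Classify the text printed by `openssl version` against the version lists
# in this notice. classify_openssl is a hypothetical helper name.
classify_openssl() {
    # The second whitespace-separated field is the version token,
    # e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013" -> "1.0.1e-fips".
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    # FIPS builds append "-fips" to the same release string; strip it.
    ver=${ver%-fips}
    case "$ver" in
        1.0.1|1.0.1[abcdef])     echo "affected" ;;    # 1.0.1 through 1.0.1f
        1.0.2-beta|1.0.2-beta1)  echo "affected" ;;    # betas named in the notice
        1.0.1g)                  echo "fixed" ;;       # the upgrade target
        1.0.0*|0.9.*)            echo "unaffected" ;;  # 1.0.0 and 0.9.x series
        *)                       echo "unknown" ;;     # not covered by this notice
    esac
}

# Constructed sample lines in the format `openssl version` prints.
for line in \
    "OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014" \
    "OpenSSL 0.9.8y 5 Feb 2013"
do
    printf '%-36s %s\n' "$line" "$(classify_openssl "$line")"
done

# Check the locally installed binary, if there is one.
if command -v openssl >/dev/null 2>&1; then
    local_ver=$(openssl version)
    printf '%-36s %s\n' "$local_ver" "$(classify_openssl "$local_ver")"
fi
```

The version string does not show fixes that a vendor has backported, so a distribution package that reports an affected version still needs to be checked against that vendor's own advisory.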
Glossary
•OpenSSL library: an open source library used to implement SSL/TLS
◦SSL/TLS: a protocol for sending and receiving data securely in Internet services
Other inquiries
•Korea Internet & Security Agency (KISA), Internet Incident Response Center: dial 118 (no area code needed)
Reference sites
[1] http://www.kb.cert.org/vuls/id/720951
[2] http://heartbleed.com/
Thank you.
---------------------------------------------------------------------------
A hosting service you can enjoy [ Hostment ]