|
|
[ °ø Áö ] Bourne Again Shell (Bash) ÀÓÀÇÄÚµå ½ÇÇà Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í |
|
2014-09-25 |
|
|
¾È³çÇϽʴϱî. È£½ºÆ®¸ÕÆ®ÀÔ´Ï´Ù.
¸ÕÀú È£½ºÆ®¸ÕÆ®¸¦ ¾Æ²¸ÁÖ½Ã°í »ç¶ûÇØ Áֽô °í°´ ¿©·¯ºÐ²² Áø½ÉÀ¸·Î °¨»çµå¸®¸ç
Bourne Again Shell (Bash) ÀÓÀÇÄÚµå ½ÇÇà Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í°¡ ÀÖ¾î
¸¦ ¾Ë·Áµå¸®°íÀÚ ÇÕ´Ï´Ù.
---------------------------------------------------------------------------
¡Ø ÇØ´ç Ãë¾àÁ¡ º¸¾È ÆÐÄ¡¸¦ ¿ìȸÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡ÀÌ ¹ß»ýÇÏ¿© º¸¾È°øÁö¸¦ ´ëüÇÔ
URL : http://krcert.or.kr/kor/data/secNoticeView.jsp?p_bulletin_writing_sequence=22005
°³¿ä
•¸®´ª½º °è¿ µî ¿î¿µÃ¼Á¦¿¡¼ »ç¿ëÁßÀÎ GNU Bash¿¡¼ ¹ß»ýÇÏ´Â ÀÓÀÇÄÚµå ½ÇÇà
Ãë¾àÁ¡ (CVE-2014-6271)À» ÇØ°áÇÏ´Â ÀϺΠº¸¾È ¾÷µ¥ÀÌÆ® ¹ßÇ¥
•°ø°ÝÀÚ´Â Bash¸¦ »ç¿ëÇÏ¿© ±¸ÇöµÈ ±â´É µîÀ» ¾Ç¿ëÇÏ¿© ÀÓÀÇÀÇ Äڵ带 ½ÇÇà½Ãų ¼ö
ÀÖÀ¸¹Ç·Î ÇØ°á¹æ¾È Àû¿ë ±Ç°í
ÇØ´ç ½Ã½ºÅÛ
•¿µÇâ ¹Þ´Â ½Ã½ºÅÛ
◦GNU Bash¸¦ »ç¿ëÇÏ´Â ½Ã½ºÅÛ
ÇØ°á¹æ¾È
•ÇØ´ç Ãë¾àÁ¡¿¡ ´ëÇÑ º¸¾È¾÷µ¥ÀÌÆ®°¡ °ø°³µÈ OS¸¦ ¿î¿µÇÏ°í ÀÖÀ» °æ¿ì, Âü°í»çÀÌÆ®ÀÇ
³»¿ëÀ» ÂüÁ¶ÇÏ¿© º¸¾È¾÷µ¥ÀÌÆ® ¼öÇà
◦CentOS [1]
◦Debian [2]
◦Redhat [3]
◦Ubuntu [4]
¿ë¾î Á¤¸®
•Shell : »ç¿ëÀÚ°¡ ÀÔ·ÂÇÑ ¹®ÀåÀ» Çؼ®ÇÏ¿© ½Ã½ºÅÛ ±â´ÉÀ» ¼öÇàÇÏ´Â ¸í·É¾î Çؼ®±â
±âŸ ¹®ÀÇ»çÇ×
•Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ: ±¹¹ø¾øÀÌ 118
[Âü°í»çÀÌÆ®]
[1] http://lists.centos.org/pipermail/centos/2014-September/146099.html
[2] https://www.debian.org/security/2014/dsa-3032
[3] https://access.redhat.com/solutions/1207723
[4] http://www.ubuntu.com/usn/usn-2362-1/
°¨»çÇÕ´Ï´Ù.
---------------------------------------------------------------------------
Áñ°Å¿òÀÌ Àִ ȣ½ºÆà ¼ºñ½º [ È£½ºÆ®¸ÕÆ® ]
|
|
|