½Ã½ºÅÛ°ü¸®ÀÚÀÇ ½°ÅÍ Ä¿ÇǴнº Ä¿ÇÇÇâÀÌ ³ª´Â *NIX
Ä¿ÇǴнº
½Ã½ºÅÛ/³×Æ®¿÷/º¸¾ÈÀ» ´Ù·ç´Â °÷
 FAQFAQ   °Ë»ö°Ë»ö   ¸â¹ö¸®½ºÆ®¸â¹ö¸®½ºÆ®   »ç¿ëÀÚ ±×·ì»ç¿ëÀÚ ±×·ì   »ç¿ëÀÚ µî·ÏÇϱâ»ç¿ëÀÚ µî·ÏÇϱâ 
 °³ÀÎ Á¤º¸°³ÀÎ Á¤º¸   ºñ°ø°³ ¸Þ½ÃÁö¸¦ È®ÀÎÇÏ·Á¸é ·Î±×ÀÎÇϽʽÿÀºñ°ø°³ ¸Þ½ÃÁö¸¦ È®ÀÎÇÏ·Á¸é ·Î±×ÀÎÇϽʽÿÀ   ·Î±×Àηα×ÀΠ

°¡ÀÔ¾øÀÌ ´©±¸³ª ±ÛÀ» ¾µ ¼ö ÀÖ½À´Ï´Ù. °øÁö»çÇ׿¡ ´ëÇÑ ´ñ±Û±îÁöµµ..




BBS >> ¼³Ä¡, ¿î¿µ Q&A | ³×Æ®¿÷, º¸¾È Q&A | ÀÏ¹Ý Q&A || Á¤º¸¸¶´ç | AWS || ÀÚÀ¯°Ô½ÃÆÇ | ±¸Àα¸Á÷ || °øÁö»çÇ× | ÀÇ°ßÁ¦½Ã
proftpd °ø½Ä »çÀÌÆ® ÇØÅ·´çÇØ

 
±Û ¾²±â   ´äº¯ ´Þ±â    Ä¿ÇǴнº, ½Ã½ºÅÛ ¿£Áö´Ï¾îÀÇ ½°ÅÍ °Ô½ÃÆÇ À妽º -> *NIX / IT Á¤º¸
ÀÌÀü ÁÖÁ¦ º¸±â :: ´ÙÀ½ ÁÖÁ¦ º¸±â  
±Û¾´ÀÌ ¸Þ½ÃÁö
truefeel
Ä«Æä °ü¸®ÀÚ


°¡ÀÔ: 2003³â 7¿ù 24ÀÏ
¿Ã¸° ±Û: 1277
À§Ä¡: ´ëÇѹα¹

¿Ã¸®±â¿Ã·ÁÁü: 2010.12.07 È­, 6:13 pm    ÁÖÁ¦: proftpd °ø½Ä »çÀÌÆ® ÇØÅ·´çÇØ Àοë°ú ÇÔ²² ´äº¯

proftpd °ø½Ä »çÀÌÆ®°¡ ÇØÅ·À»´çÇؼ­ 1.3.3c ¹öÀü¿¡ ¹éµµ¾î°¡ ½É¾îÁøä ¹èÆ÷µÇ¾ú¾ú´Ù.
11.28~12.02 »çÀÌ¿¡ proftpd ¼Ò½º¸¦ ¹ÞÀ¸½Å ºÐµéÀº ¹éµµ¾î°¡ Æ÷ÇԵǾî ÀÖÀ¸´Ï ¹«Á¶°Ç »õ·Î ¹Þ¾Æ MD5¸¦ È®ÀÎÇÏ°í À缳ġÇؾßÇÑ´Ù.



´ÙÀ½Àº proftpd ¸ÞÀϸµ ³»¿ëÀÇ ÀϺÎÀÌ´Ù. ([Proftpd-user] ProFTPD ftp.proftpd.org compromise)

Àοë:

On Sunday, the 28th of November 2010 around 20:00 UTC the main
distribution server of the ProFTPD project was compromised. The
attackers most likely used an unpatched security issue in the FTP daemon
to gain access to the server and used their privileges to replace the
source files for ProFTPD 1.3.3c with a version which contained a backdoor.

The fact that the server acted as the main FTP site for the ProFTPD
project (ftp.proftpd.org) as well as the rsync distribution server
(rsync.proftpd.org) for all ProFTPD mirror servers means that anyone who
downloaded ProFTPD 1.3.3c from one of the official mirrors from 2010-11-28
to 2010-12-02 will most likely be affected by the problem.


¼Ò½ºº° MD5°ªÀÌ´Ù. ¹èÆ÷µÇ´Â ¼Ò½ºÀÇ MD5°ªÀº http://www.proftpd.org/md5_pgp.html ¿¡¼­ ¾Ë ¼ö ÀÖ´Ù.
¸®´ª½º´Â 'md5sum <¼Ò½º ÆÄÀϸí>'À¸·Î
FreeBSD´Â 'md5 <¼Ò½º ÆÄÀϸí>'À¸·Î MD5°ªÀÌ ¸Â´ÂÁö È®ÀÎÇÒ ¼ö ÀÖ´Ù.

ÄÚµå:

018e0eb1757d9cea2a0e17f2c9b1ca2d proftpd-1.3.2e.tar.bz2
4ecb82cb1050c0e897d5343f6d2cc1ed proftpd-1.3.2e.tar.gz
8571bd78874b557e98480ed48e2df1d2 proftpd-1.3.3c.tar.bz2
4f2c554d6273b8145095837913ba9e5d proftpd-1.3.3c.tar.gz


´ÙÀ½Àº ¸ÞÀϸµ¸®½ºÆ® µî °ü·Ã±ÛÀÌ´Ù.

- [Proftpd-user] ProFTPD ftp_proftpd_org compromise (¸ÞÀϸµ)
- ProFTPD Backdoor Unauthorized Access Vulnerability
- Open-source ProFTPD hacked, backdoor planted in source code


¡Ø 2010.12.6(¿ù) Ä¿ÇǴнº ¹æÀÇ 'Ƽ´Ï(tini)'´Ô À̾߱⸦ Åä´ë·Î Á¤¸®
À§·Î
»ç¿ëÀÚ Á¤º¸ º¸±â ºñ¹Ð ¸Þ½ÃÁö º¸³»±â ±Û ¿Ã¸°ÀÌÀÇ À¥»çÀÌÆ® ¹æ¹®
ÀÌÀü ±Û Ç¥½Ã:   
±Û ¾²±â   ´äº¯ ´Þ±â    Ä¿ÇǴнº, ½Ã½ºÅÛ ¿£Áö´Ï¾îÀÇ ½°ÅÍ °Ô½ÃÆÇ À妽º -> *NIX / IT Á¤º¸ ½Ã°£´ë: GMT + 9 ½Ã°£(Çѱ¹)
ÆäÀÌÁö 1 Áß 1

 
°Ç³Ê¶Ù±â:  
»õ·Î¿î ÁÖÁ¦¸¦ ¿Ã¸± ¼ö ÀÖ½À´Ï´Ù
´ä±ÛÀ» ¿Ã¸± ¼ö ÀÖ½À´Ï´Ù
ÁÖÁ¦¸¦ ¼öÁ¤ÇÒ ¼ö ¾ø½À´Ï´Ù
¿Ã¸° ±ÛÀ» »èÁ¦ÇÒ ¼ö ¾ø½À´Ï´Ù
ÅõÇ¥¸¦ ÇÒ ¼ö ¾ø½À´Ï´Ù


Powered by phpBB © 2001, 2005 phpBB Group