½Ã½ºÅÛ°ü¸®ÀÚÀÇ ½°ÅÍ Ä¿ÇǴнº Ä¿ÇÇÇâÀÌ ³ª´Â *NIX
Ä¿ÇǴнº
½Ã½ºÅÛ/³×Æ®¿÷/º¸¾ÈÀ» ´Ù·ç´Â °÷
 FAQFAQ   °Ë»ö°Ë»ö   ¸â¹ö¸®½ºÆ®¸â¹ö¸®½ºÆ®   »ç¿ëÀÚ ±×·ì»ç¿ëÀÚ ±×·ì   »ç¿ëÀÚ µî·ÏÇϱâ»ç¿ëÀÚ µî·ÏÇϱâ 
 °³ÀÎ Á¤º¸°³ÀÎ Á¤º¸   ºñ°ø°³ ¸Þ½ÃÁö¸¦ È®ÀÎÇÏ·Á¸é ·Î±×ÀÎÇϽʽÿÀºñ°ø°³ ¸Þ½ÃÁö¸¦ È®ÀÎÇÏ·Á¸é ·Î±×ÀÎÇϽʽÿÀ   ·Î±×Àηα×ÀΠ

°¡ÀÔ¾øÀÌ ´©±¸³ª ±ÛÀ» ¾µ ¼ö ÀÖ½À´Ï´Ù. °øÁö»çÇ׿¡ ´ëÇÑ ´ñ±Û±îÁöµµ..
IT ÀÏÁ¤ New!
ÀÚµ¿È­ ÇÁ·ÎÁ§Æ®




BBS >> ¼³Ä¡, ¿î¿µ Q&A | ³×Æ®¿÷, º¸¾È Q&A | ÀÏ¹Ý Q&A || Á¤º¸¸¶´ç | AWS || ÀÚÀ¯°Ô½ÃÆÇ | ±¸Àα¸Á÷ || °øÁö»çÇ× | ÀÇ°ßÁ¦½Ã
PowerDNS ¼­¹öÀÇ DoS°ø°Ý Ãë¾àÁ¡

 
±Û ¾²±â   ´äº¯ ´Þ±â    Ä¿ÇǴнº, ½Ã½ºÅÛ ¿£Áö´Ï¾îÀÇ ½°ÅÍ °Ô½ÃÆÇ À妽º -> *NIX / IT Á¤º¸
ÀÌÀü ÁÖÁ¦ º¸±â :: ´ÙÀ½ ÁÖÁ¦ º¸±â  
±Û¾´ÀÌ ¸Þ½ÃÁö
truefeel
Ä«Æä °ü¸®ÀÚ


°¡ÀÔ: 2003³â 7¿ù 24ÀÏ
¿Ã¸° ±Û: 1277
À§Ä¡: ´ëÇѹα¹
¿Ã¸®±â¿Ã·ÁÁü: 2005.8.03 ¼ö, 1:09 am    ÁÖÁ¦: PowerDNS ¼­¹öÀÇ DoS°ø°Ý Ãë¾àÁ¡ Àοë°ú ÇÔ²² ´äº¯
7¿ù¿¡ SecuniaÀÇ ±Ç°í¾È¿¡¼­µµ ÀÌ¹Ì ¹àÈù´ë·Î PowerDNS¿¡ ¿ø°Ý °ø°Ý¿¡ ÀÇÇÑ 2°¡ÁöÀÇ DoS Ãë¾àÁ¡ÀÌ ÀÖ½À´Ï´Ù.
securityfocus¿¡¼­ 8.1ÀÏ¿¡ Ãë¾àÁ¡¿¡ ´ëÇÑ ±ÛÀÌ ¿Ã¶ó¿Í ÀÖ¾î ´Ù½Ã Çѹø »ìÆ캾´Ï´Ù.

- LDAP injection °ø°ÝÀ¸·Î ¿ø°ÝÁö¿¡¼­ DoS °ø°Ý °¡´É
- recursion query ÅëÇÑ DoS °ø°Ý °¡´É

À̸¦ ÇØ°áÇϱâ À§Çؼ­´Â PowerDNS 2.9.18 ÀÌ»óÀ» »ç¿ëÇϱ⠹ٶø´Ï´Ù.

Áö³­ 7¿ù ÃÊ¿¡ °³ÀÎÀûÀ¸·Î ±¹³» 1000À§(fian.co.kr ±âÁØ) »çÀÌÆ®ÀÇ DNS¸¦ Á¶»çÇߴµ¥,
1000À§ »çÀÌÆ®¿¡¼­ »ç¿ëÁßÀÎ DNS¼­¹öÀÇ 15°³°¡ PowerDNS 2.9.16ÀÌÇÏ ¹öÀüÀ» »ç¿ëÁßÀ̾ú½À´Ï´Ù.

ÄÚµå:

ns3.????bada.com
ns1.???portal.com
ns2.???portal.com
ns1.???com.com
ns2.???com.com

ns21.???ismall.com
ns21.???is.co.kr
ns1.???fdns.net
ns2.???fdns.net

ns1.???123.co.kr
ns2.???123.co.kr
ns1.????hosting.com
ns1.???isweb.net
ns1.???ycgi.com


* °ü·Ã±Û :
- http://www.securityfocus.com/bid/14291/info
- http://secunia.com/advisories/16111/

Àοë:

* Description:

Two vulnerabilities have been reported in PowerDNS, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) Queries passed to the LDAP backend are not properly sanitised, which can be exploited to cause the backend to fail and not answer requests.

Successful exploitation requires LDAP backend support.

2) An error in the handling of requests from clients, which are denied recursion, can be exploited to temporarily blank out a domain.

Successful exploitation requires that recursion is provided to a limited range of IP addresses.

The vulnerabilities have been reported in version 2.9.17. Prior versions may also be affected.

* Solution:

Update to version 2.9.18.
http://www.powerdns.com/downloads/
À§·Î
»ç¿ëÀÚ Á¤º¸ º¸±â ºñ¹Ð ¸Þ½ÃÁö º¸³»±â ±Û ¿Ã¸°ÀÌÀÇ À¥»çÀÌÆ® ¹æ¹®
ÀÌÀü ±Û Ç¥½Ã:   
±Û ¾²±â   ´äº¯ ´Þ±â    Ä¿ÇǴнº, ½Ã½ºÅÛ ¿£Áö´Ï¾îÀÇ ½°ÅÍ °Ô½ÃÆÇ À妽º -> *NIX / IT Á¤º¸ ½Ã°£´ë: GMT + 9 ½Ã°£(Çѱ¹)
ÆäÀÌÁö 1 Áß 1

 
°Ç³Ê¶Ù±â:  
»õ·Î¿î ÁÖÁ¦¸¦ ¿Ã¸± ¼ö ÀÖ½À´Ï´Ù
´ä±ÛÀ» ¿Ã¸± ¼ö ÀÖ½À´Ï´Ù
ÁÖÁ¦¸¦ ¼öÁ¤ÇÒ ¼ö ¾ø½À´Ï´Ù
¿Ã¸° ±ÛÀ» »èÁ¦ÇÒ ¼ö ¾ø½À´Ï´Ù
ÅõÇ¥¸¦ ÇÒ ¼ö ¾ø½À´Ï´Ù


Powered by phpBB © 2001, 2005 phpBB Group