커피향이 나는 *NIX (*NIX with the aroma of coffee)
Coffeenix (커피닉스)
A place for systems, networking and security
Author: 범냉이
Joined: 19 Sep 2006   Posts: 44

Posted: Fri 2009.9.11, 2:51 pm   Subject: 9.10 Coffeenix story (2.4/2.6 exploit, etc.)
[ Security ]

1. Windows SMB vulnerability notice

Quote:
  A remote code execution vulnerability exists in the SMB service of certain Microsoft Windows systems.
  The vulnerability occurs in the SMB service's negotiation process; an attacker who exploits it obtains SYSTEM privileges and can take complete control of the system.
  Because the vulnerability can be attacked remotely, caution is required. It occurs only on Windows Vista and Windows Server 2008, and does not affect Windows 7 or Windows Server 2008 R2.

- 보호나라 (Boho Nara) : http://www.boho.or.kr/dataroom/data_05_dtl.jsp?page_id=6&u_id=39&TempNum=0&page=1

Quote:
  □ Temporary workarounds
  o At present no security update for this vulnerability has been released
  o Disable SMB2 [4]
    ※ Be careful: changing registry settings incorrectly can cause serious system errors
  o Filter TCP ports 139/445 at the firewall [4]
    - Protects systems behind the firewall from external attacks arriving from the Internet
    ※ Applications that use SMB/CIFS, and file/printer sharing, become unusable
  o Check the KrCERT/CC and MS security update sites [5] regularly, and when a security update for this vulnerability is released apply it promptly, or configure automatic updates
    ※ To configure automatic updates: Start → Control Panel → Security Center → Automatic Updates → select Automatic (recommended)
  o To reduce damage from the vulnerability, users should observe the following
    - Disable file sharing and similar features if they are not used, and always use a personal firewall
    - Keep the antivirus program in use up to date and enable its real-time monitoring
    - Refrain from visiting untrusted web sites
    - Refrain from opening attachments of e-mail from unclear sources

- Related post : 9.8~9.9 Coffeenix story (Windows 7, Vista vulnerability)
- Attack code : SMB SRV2.SYS Denial of Service PoC ( 2009.9.8 )
2. Linux Kernel 2.4/2.6 sock_sendpage() Local Root Exploit [2] (2009.9.9)

This is the vulnerability that came out in mid-August. No new vulnerability appeared on September 9; this is a different exploit for the earlier vulnerability.

Quote:
  This is the second version of the Linux sock_sendpage() NULL pointer
  dereference exploit. Now, it also works with Linux kernel versions
  which implement COW credentials (e.g. Fedora 11). For SELinux enforced
  systems, it automatically searches the SELinux policy rules for
  types with mmap_zero permission it can transition to, and tries to exploit
  the system with those types.
  http://milw0rm.com/sploits/2009-linux-sendpage2.tar.gz
  # milw0rm.com [2009-09-09]

- Fails on 2.6.18-128.7.1.el5.
- Fails on 2.6.9-89.0.9.ELsmp #1 SMP.
- Related post : Linux local root privilege escalation vulnerability (sock_sendpage() issue) (2009.8.17)

3. ISEC 2009 CTF finals results
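As an added example (not part of the original post or of the KrCERT advisory quoted in section 1), the following Python script shows one way to verify the "filter TCP 139/445 at the firewall" workaround from section 1: it audits firewall connection-log lines and reports SMB connections that were allowed in from addresses outside the trusted networks, which is exactly the traffic the filter is meant to stop. The log format, the trusted network ranges and every address below are constructed for the example and do not come from any particular firewall product.

```python
"""Audit firewall connection logs for SMB traffic (TCP 139/445) that was
allowed in from outside the trusted networks.

Added example for the "filter TCP 139/445 at the firewall" workaround;
the log format, the trusted ranges and every address below are constructed
for illustration and do not come from any particular firewall product.
"""
import ipaddress
from collections import Counter

# Ports the workaround says to filter at the perimeter
SMB_PORTS = {139, 445}

# Constructed: networks that are allowed to reach SMB (the site's own LANs)
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.0.0.0/8")]

# Constructed sample log; each record is
#   <timestamp> <action> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_LOG = """\
2009-09-11T14:51:02 ALLOW TCP 192.168.1.23:49152 -> 192.168.1.10:445
2009-09-11T14:51:05 ALLOW TCP 203.0.113.7:51234 -> 192.168.1.10:445
2009-09-11T14:51:06 ALLOW TCP 203.0.113.7:51235 -> 192.168.1.10:139
2009-09-11T14:51:09 DROP TCP 198.51.100.4:40000 -> 192.168.1.10:445
2009-09-11T14:51:12 ALLOW TCP 10.0.0.5:40001 -> 192.168.1.10:80
2009-09-11T14:51:15 ALLOW UDP 203.0.113.9:137 -> 192.168.1.10:137
this line is not a log record
"""


def parse_line(line):
    """Parse one record into (action, proto, src_ip, src_port, dst_ip, dst_port).

    Returns None for lines that do not match the expected shape, so a malformed
    or truncated record is skipped rather than crashing the audit."""
    parts = line.split()
    if len(parts) != 6 or parts[4] != "->":
        return None
    _ts, action, proto, src, _arrow, dst = parts
    try:
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        return (action, proto,
                ipaddress.ip_address(src_ip), int(src_port),
                ipaddress.ip_address(dst_ip), int(dst_port))
    except ValueError:
        return None


def is_trusted(ip, trusted_nets=TRUSTED_NETS):
    """True if the address belongs to one of the site's own networks."""
    return any(ip in net for net in trusted_nets)


def external_smb_hits(log_text, trusted_nets=TRUSTED_NETS):
    """Count ALLOWED TCP connections to 139/445 per untrusted source address.

    DROP records and non-SMB ports are ignored, and UDP 137/138 NetBIOS
    traffic is out of scope for this check.  A non-empty result means the
    perimeter filter is missing or has a gap for that source."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        action, proto, src_ip, _sport, _dst_ip, dst_port = rec
        if action != "ALLOW" or proto != "TCP" or dst_port not in SMB_PORTS:
            continue
        if not is_trusted(src_ip, trusted_nets):
            hits[str(src_ip)] += 1
    return hits


if __name__ == "__main__":
    for src, count in external_smb_hits(SAMPLE_LOG).items():
        print(f"external SMB access allowed from {src}: {count} connection(s)")
```

Run against the constructed log, the script reports two allowed SMB connections from 203.0.113.7; the dropped attempt from 198.51.100.4 and the UDP NetBIOS line are ignored because the check is deliberately limited to the two TCP ports named in the advisory. The trusted ranges are a site-specific assumption rather than a built-in private-address test, since a perimeter that trusts all RFC 1918 space would also trust any attacker already inside it.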
Powered by phpBB © 2001, 2005 phpBB Group