Coffeenix, a resting place for system administrators: *NIX with the scent of coffee
Coffeenix
A place that covers systems, networking and security
Sendmail has a remote vulnerability. Up to the latest 8.12.9

 
truefeel
Cafe administrator


Joined: 24 July 2003
Posts: 1277
Location: Republic of Korea

Posted: 2003.9.18 Thu, 4:49 am    Subject: Sendmail has a remote vulnerability. Up to the latest 8.12.9

It was announced on BugTraq on the 17th (not sure when that is in our time..).
It is in the ruleset parsing and address parsing parts.
They say a remote exploit would be possible. That is a rather ambiguous way to put it.
Local is possible.

Remote attack is believed to be possible.

The sendmail home page has just been updated as well.
http://www.sendmail.org/8.12.10.html

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.10.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.10.tar.gz.sig
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.10.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.10.tar.Z.sig

We will have to watch what kind of advisory comes out from CERT and others.
What is known so far is at securityfocus.com:
http://securityfocus.com/archive/1/337839/2003-09-14/2003-09-20/0

------------------------------------------------------
To: BugTraq
Subject: Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]
Date: Sep 17 2003 9:19AM
Author: Michal Zalewski <lcamtuf dione ids pl>
Message-ID: <Pine.LNX.4.44.0309162201480.11655-100000@dione.ids.pl>

Hello lists,

--------
Overview
--------

There seems to be a remotely exploitable vulnerability in Sendmail up to
and including the latest version, 8.12.9. The problem lies in prescan()
function, but is not related to previous issues with this code.

The primary attack vector is an indirect invocation via parseaddr(),
although other routes are possible. Heap or stack structures, depending
on the calling location, can be overwritten due to the ability to go
past end of the input buffer in strtok()-alike routines.

This is an early release, thanks to my sheer stupidity.

... omitted ...
Guest





Posted: 2003.9.18 Thu, 7:00 pm    Subject: Then what should users of earlier versions do?

Please write down the steps for what to do after downloading the file from the ftp.

I need even the most trivial steps.

Hmm, I'm scared.
truefeel

Posted: 2003.9.18 Thu, 8:26 pm    Subject: Re: Seems to be a minor security issue. Update from your OS's home site.

Guest wrote:
Please write down the steps for what to do after downloading the file from the ftp.

I need even the most trivial steps.

Hmm, I'm scared.


It does not seem to be that big a security problem.
Seeing that no advisory has been posted at CERT and the like, they seem to consider it minor.
The post does not say exactly that it can be attacked remotely, only that there seems to be such a possibility.
It says you are fortunate unless you have edited sendmail.cf and changed the rulesets.
"There is a security problem. But it is minor." seems to be the conclusion so far (?)
-----------------------------------------------------------------------------

If you use Red Hat, run up2date to update.
If you do not know what up2date is,
download the sendmail-*.i386.rpm files for your version from
https://rhn.redhat.com/errata/RHSA-2003-283.html
Then update with the downloaded rpm files using the rpm -Fvh command.

rpm -Fvh sendmail-*


Last edited by truefeel on 2003.9.19 Fri, 1:20 am; edited 1 time in total
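
For a sendmail built from the sendmail.org source, one way to confirm an upgrade took effect is to compare the reported version against 8.12.10 numerically (added example, not part of the thread; the function names and sample lines are constructed for illustration). Distribution packages such as the Red Hat errata above can carry the fix under an older upstream version number, so for those check the package errata instead.

```shell
#!/bin/sh
# Added example: is a reported sendmail version older than the fixed release?
# Feed it the SMTP greeting line, or output of `sendmail -d0.1 -bv root`.
FIXED="8.12.10"   # release named in the thread

# Pull the dotted version that follows "Sendmail " or "Version ".
extract_version() {
    printf '%s\n' "$1" |
        sed -nE 's/.*(Sendmail|Version) ([0-9]+(\.[0-9]+)+).*/\2/p' |
        head -n 1
}

# True (0) when $1 is older than $2. Components are compared as integers;
# a string comparison would wrongly rank 8.12.9 above 8.12.10.
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Verdict for one line of text. "older-than-fixed" on a vendor package is
# not conclusive: the fix may be backported without a version bump.
check_sendmail() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED"; then
        echo "older-than-fixed $v"
    else
        echo "fixed-or-newer $v"
    fi
}

# Constructed sample lines (not captured from a real host).
check_sendmail "220 mx.example.test ESMTP Sendmail 8.12.9/8.12.9; Thu, 18 Sep 2003"
check_sendmail "Version 8.12.10"
check_sendmail "220 mx.example.test ESMTP"
```
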
truefeel

Posted: 2003.9.19 Fri, 1:19 am    Subject: The CERT advisory on sendmail has come out.

An advisory has been posted at CERT.

http://www.cert.org/advisories/CA-2003-25.html

It is almost the same as what was posted before.
Most UNIX/LINUX systems use sendmail, and
it says there is a vulnerability in the address parsing code. Because of the prescan() function problem, an attacker can write at the very end of the buffer
and gain privileges.
It also says an attacker can execute arbitrary code through a cleverly crafted mail message.

Quote:

I. Description

Sendmail is a widely deployed mail transfer agent (MTA). Many UNIX and Linux systems provide a sendmail implementation that is enabled and running by default. Sendmail contains a vulnerability in its address parsing code. An error in the prescan() function could allow an attacker to write past the end of a buffer, corrupting memory structures. Depending on platform and operating system architecture, the attacker may be able to execute arbitrary code with a specially crafted email message.

This vulnerability is different than the one described in CA-2003-12.

The email attack vector is message-oriented as opposed to connection-oriented. This means that the vulnerability is triggered by the contents of a specially crafted email message rather than by lower-level network traffic. This is important because an MTA that does not contain the vulnerability may pass the malicious message along to other MTAs that may be protected at the network level. In other words, vulnerable sendmail servers on the interior of a network are still at risk, even if the site's border MTA uses software other than sendmail. Also, messages capable of exploiting this vulnerability may pass undetected through packet filters or firewalls.


There is a list of updates by OS. I hear a patch has been posted for the Mandrake distribution too, but it
is not listed in this advisory.
Time zone: GMT + 9 hours (Korea)