Linux kernel vulnerability notice (applies to server hosting customers only)
1. Applicable customers: server hosting / colocation customers running a Linux OS (customers using the managed service are excluded).

2. Overview
On 2009.8.13 a local privilege escalation vulnerability affecting most Linux kernel versions was disclosed (CVE-2009-2692).

3. Description
The vulnerability is a NULL pointer dereference in sock_sendpage(): for socket families whose proto_ops structure was not fully initialized, the sendpage member is left NULL and the kernel calls it anyway. A local attacker on an affected system can use this to obtain superuser privileges and execute arbitrary code, or to crash the machine (denial of service). Exploitation depends on the attacker being able to map memory at address zero, which is why the first interim measure below matters.

4. Affected kernel versions
Linux 2.4: 2.4.4 through 2.4.37.4
Linux 2.6: 2.6.0 through 2.6.30.4

5. Resolution (note: depending on your kernel version, the interim measures may not apply)
Update to a fixed kernel (Linux 2.6.31-rc6 / Linux 2.4.37.5 or later, or your distribution's patched kernel package). If you cannot update right away, apply the interim measures below.

Interim measure 1) Forbid user-space mappings of the lowest pages:
sysctl -w vm.mmap_min_addr=4096
Caveats: sysctl -w does not survive a reboot, so also put "vm.mmap_min_addr = 4096" in /etc/sysctl.conf; a kernel that lacks this sysctl reports an error and receives no protection; and the public exploit for this bug bypassed mmap_min_addr on some systems (setuid helpers that map page zero, permissive SELinux policy), so treat this as a stopgap, not a fix.

Interim measure 2) Prevent the rarely used network modules (ipx, pppox and so on) from being loaded by adding the following to /etc/modprobe.conf (or modules.conf):
install bluez /bin/true
install pppox /bin/true
install bluetooth /bin/true
install appletalk /bin/true
install ipx /bin/true
install sctp /bin/true
Caveat: this only blocks automatic loading. A family that is already loaded (check with lsmod) or built into the kernel remains reachable, so this measure reduces the attack surface rather than closing the hole.

6. Updates by distribution
- CentOS 5.x / Fedora Core 6 (corresponding to RHEL 5.x) rpm download addresses
x86 (PAE kernel): ftp://ftp.daum.net/centos/5.3/updates/i386/RPMS/kernel-PAE-2.6.18-128.7.1.el5.i686.rpm
x86_64: ftp://ftp.daum.net/centos/5.3/updates/x86_64/RPMS/kernel-2.6.18-128.7.1.el5.x86_64.rpm
- CentOS 4.x (corresponding to RHEL 4.x) rpm download addresses
x86: ftp://ftp.daum.net/centos/4.8/updates/i386/RPMS/kernel-2.6.9-89.0.9.EL.i686.rpm
x86_64: ftp://ftp.daum.net/centos/4.8/updates/x86_64/RPMS/kernel-2.6.9-89.0.9.EL.x86_64.rpm
Match the package to the output of uname -m before installing.
Source downloads
http://kernel.org/pub/linux/kernel/v2.6/testing/patch-2.6.31-rc7.bz2
http://kernel.org/pub/linux/kernel/v2.4/linux-2.4.37.5.tar.bz2

7. References
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2692
http://www.securityfocus.com/bid/36038/info
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
http://kbase.redhat.com/faq/docs/DOC-18065
http://www.ubuntu.com/usn/usn-819-1
https://rhn.redhat.com/errata/RHSA-2009-1222.html
https://rhn.redhat.com/errata/RHSA-2009-1223.html

8. If you cannot apply the update yourself, request the patch on the 1:1 support board with the following information.
1) Company name:
2) IP address or main domain:
3) root password:
4) The patch fee is 33,000 won per server; please transfer it to the account below.
- Kookmin Bank 873201-04-154782 Maru Internet Co., Ltd.
If you hand over a root password for this service, change it once the patch and reboot have been confirmed.
Note: the server must be rebooted after patching, so the reboot windows are as follows.
1st window: September 3 (Thursday) 00:00 to 04:00
[Go to the 1:1 support board]
Thank you.
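As an added example (not part of the hosting company's notice), the POSIX shell script below checks a host against sections 4 and 5 above: it tests the running kernel version against the affected ranges, compares a vendor package release against the fixed releases listed in section 6 (128.7.1.el5 and 89.0.9.EL), checks that vm.mmap_min_addr is at least 4096, and lists which of the advisory's modules a modprobe config fails to stub out. The affected ranges, release numbers, sysctl threshold and module list come from the notice; the function names and the sample modprobe.conf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the hosting notice: check a host against the
# advisory's affected ranges and its two interim measures.
# Function names and the sample config below are constructed for illustration.

# Reduce "2.6.18-128.7.1.el5" to "2.6.18" and "128.7.1.el5" to "128.7.1."
# so that only digits and dots take part in the comparison.
kver_base() {
    printf '%s\n' "$1" | sed -e 's/-.*$//' -e 's/[^0-9.].*$//'
}

# kver_cmp A B: print -1, 0 or 1 after a numeric, field-by-field comparison
# of the first four dotted fields (missing fields count as 0).
kver_cmp() {
    a="$(kver_base "$1").0.0.0"
    b="$(kver_base "$2").0.0.0"
    i=1
    while [ "$i" -le 4 ]; do
        fa=$(printf '%s\n' "$a" | cut -d. -f"$i"); fa=${fa:-0}
        fb=$(printf '%s\n' "$b" | cut -d. -f"$i"); fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then printf '%s\n' -1; return 0; fi
        if [ "$fa" -gt "$fb" ]; then printf '%s\n' 1; return 0; fi
        i=$((i + 1))
    done
    printf '%s\n' 0
}

# Section 4 of the notice: upstream ranges 2.4.4-2.4.37.4 and 2.6.0-2.6.30.4.
# Only the upstream base is compared, so a vendor kernel with a backported
# fix (e.g. 2.6.18-128.7.1.el5) still matches; use rpm_release_ge for those.
kernel_is_vulnerable() {
    if [ "$(kver_cmp "$1" 2.4.4)" -ge 0 ] && [ "$(kver_cmp "$1" 2.4.37.4)" -le 0 ]; then
        return 0
    fi
    if [ "$(kver_cmp "$1" 2.6.0)" -ge 0 ] && [ "$(kver_cmp "$1" 2.6.30.4)" -le 0 ]; then
        return 0
    fi
    return 1
}

# rpm_release_ge "2.6.18-128.7.1.el5" 128.7.1: true when the vendor release
# (the part after the dash) is at least the fixed release from section 6.
rpm_release_ge() {
    rel=$(printf '%s\n' "$1" | sed -n 's/^[^-]*-//p')
    [ -n "$rel" ] && [ "$(kver_cmp "$rel" "$2")" -ge 0 ]
}

# Interim measure 1: takes the output of `sysctl -n vm.mmap_min_addr`; an
# empty or non-numeric value (kernel without the knob) counts as unprotected.
mmap_min_addr_ok() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 4096 ]
}

# Interim measure 2: the modules the notice stubs out with /bin/true.
ADVISORY_MODULES="bluez pppox bluetooth appletalk ipx sctp"

# Print each advisory module that the modprobe config (file argument, or
# stdin) does not disable with an "install <module> /bin/true" line.
modprobe_missing() {
    if [ -n "${1:-}" ]; then conf=$(cat "$1"); else conf=$(cat); fi
    for m in $ADVISORY_MODULES; do
        printf '%s\n' "$conf" |
            grep -Eq "^[[:space:]]*install[[:space:]]+$m[[:space:]]+/bin/true" ||
            printf '%s\n' "$m"
    done
}

# Constructed sample of a partially hardened modprobe.conf (not from a real host).
SAMPLE_MODPROBE_CONF='alias eth0 e1000
install ipx /bin/true
install sctp /bin/true'

# Run all three checks against the machine this script executes on.
check_host() {
    running=$(uname -r)
    if kernel_is_vulnerable "$running"; then
        echo "$running: upstream base is in the affected ranges; verify the vendor errata release"
    else
        echo "$running: outside the affected upstream ranges"
    fi
    if mmap_min_addr_ok "$(sysctl -n vm.mmap_min_addr 2>/dev/null)"; then
        echo "vm.mmap_min_addr is 4096 or higher"
    else
        echo "vm.mmap_min_addr is below 4096 or not supported by this kernel"
    fi
    for f in /etc/modprobe.conf /etc/modules.conf; do
        [ -f "$f" ] && modprobe_missing "$f" | sed "s|^|$f does not disable: |"
    done
    return 0
}

# Usage: sh kcheck.sh --host   (without --host, the constructed sample is parsed offline)
if [ "${1:-}" = "--host" ]; then
    check_host
else
    printf '%s\n' "$SAMPLE_MODPROBE_CONF" | modprobe_missing | sed 's/^/sample config does not disable: /'
fi
```

The version comparison deliberately ignores everything after the first dash, so on CentOS a kernel such as 2.6.18-128.7.1.el5 is reported as in-range by kernel_is_vulnerable; rpm_release_ge is the check that matters there, because the vendor backports the fix without changing the upstream base version. For the modprobe check, remember that a family already loaded shows up in lsmod and is unaffected by the install lines.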
Regular server maintenance notice (2009.09.10: completed)
Kernel bug security patch (completed)