Technical Resources
[Linux] OpenSSH CVE-2023-38408 Security Vulnerability Remediation
Date : 2023-12-26
Name : Servermon
Hits : 295
Hello, this is Servermon Co., Ltd. In this post we look at an OpenSSH CVE (Common Vulnerabilities and Exposures), that is, a publicly known security issue: what it is and how to remediate it.
What is CVE?
CVE (Common Vulnerabilities and Exposures) is a list of publicly known computer security flaws. "A CVE" usually means a security flaw that has been assigned a CVE ID number. It is an international identification scheme for identifying and tracking security vulnerabilities found in computer systems and software. The scheme assigns each vulnerability a unique identifier (CVE ID) under which it is tracked and recorded, which helps security professionals share information about a vulnerability, understand it and respond to it.
A CVE ID has the form "CVE-YYYY-NNNN", where YYYY is the year in which the vulnerability was discovered and NNNN is a serial number. For example, "CVE-2023-38408" would be the number identifying a specific security vulnerability discovered in 2023. CVEs are typically used when sharing security updates, patches or information about the vulnerability in question. This allows software vendors, security researchers, system administrators and others to respond to vulnerabilities and protect users.
OpenSSH (CVE-2023-38408)
On July 19, 2023, Red Hat discovered a new vulnerability related to OpenSSH. When a user connects in a particular way to an SSH server that an attacker has compromised, arbitrary libraries can be loaded on the victim's PC, and under certain conditions remote code can be executed on the victim's PC.
Affected systems
Remediation
OpenSSH patch
Update to a version in which the CVE-2023-38408 vulnerability is patched. On Red Hat OS, update to the version below or later.
Disable the SSH Agent Forwarding -A option
Do not use the -A option when opening an SSH connection to a server you cannot trust. SSH Agent Forwarding is a feature that securely passes along the handling of SSH keys and authentication. Normally, when you connect to a remote server over SSH you use the SSH key on your local computer; with Agent Forwarding, authentication can be passed on to the remote server through the SSH agent running on the local computer. When Agent Forwarding is enabled, you can keep using the local computer's SSH key to connect to other servers even after you have logged in to the remote server. This makes it possible to connect from the local machine, through the remote server, to another server without going through an intermediate server.
Thank you.
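The advice about -A also applies to client configuration files, where the ForwardAgent keyword enables the same forwarding without anything appearing on the command line. As an added example (not part of the original post), this script lists the sections of an ssh_config-format file that turn it on; the function names and host names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find ssh_config sections that
# enable agent forwarding. Host names below are constructed placeholders.

# Reads ssh_config text on stdin and prints "<section><TAB><value>" for each
# ForwardAgent setting other than "no". Keywords are case-insensitive and may
# be written "Key value" or "Key=value", as ssh_config(5) allows.
audit_forward_agent() {
    awk '
        BEGIN { section = "(global)" }
        {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            if ($0 == "" || $0 ~ /^#/) next          # blank line or comment
            if (!match($0, /^[A-Za-z]+/)) next
            key = tolower(substr($0, 1, RLENGTH))
            val = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)          # separator: blanks or "="
            gsub(/"/, "", val)                       # values may be quoted
            if (key == "host")  { section = "Host " val;  next }
            if (key == "match") { section = "Match " val; next }
            if (key == "forwardagent" && val != "" && tolower(val) != "no")
                printf "%s\t%s\n", section, val
        }'
}

# Counts the settings that reach every host not overridden earlier in the
# file: a global ForwardAgent or one under "Host *".
count_wildcard_forwarding() {
    audit_forward_agent |
        awk -F '\t' '$1 == "(global)" || $1 == "Host *" { n++ } END { print n + 0 }'
}

# Constructed sample. ssh uses the first value it obtains for a keyword, so
# the "no" under *.vendor.example holds, but every other host falls through
# to "Host *" and gets the agent forwarded.
sample_config() {
    cat <<'EOF'
# jump host we administer ourselves
Host bastion.internal.example
    ForwardAgent yes

Host *.vendor.example
    forwardagent=no

Host *
    ForwardAgent yes
EOF
}

sample_config | audit_forward_agent
```

To check a real client, feed the function `~/.ssh/config` and `/etc/ssh/ssh_config` on stdin; a non-zero result from `count_wildcard_forwarding` means the agent is offered to servers that were never individually vetted.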
References:
https://access.redhat.com/security/cve/cve-2023-38408
https://www.cve.org/CVERecord?id=CVE-2023-38408
https://nvd.nist.gov/vuln/detail/CVE-2023-38408
https://knvd.krcert.or.kr/detailSecNo.do?IDX=5961