Title: [Security] Caution: new Microsoft ASP.NET vulnerability
Date posted: 2010-09-20
Content

□ Overview
   o A vulnerability in MS ASP.NET in which, while maliciously crafted data is being processed,
     encrypted data such as the ViewState field or the contents of configuration files such as
     Web.config are exposed [1][2]
   o An attacker can use this vulnerability to obtain system information from a vulnerable web server
   o Because information about this vulnerability has been made public, administrators of web servers
     running ASP.NET need to take care

□ Affected systems
   o Affected software [1]
    - .NET Framework 1.0 SP3 on Windows XP Media Center and Tablet PC 2005
    - .NET Framework 1.1 SP1 on Windows XP SP3, Professional x64 Edition SP2,
       Windows Server 2003 SP2, x64 Edition SP2, Windows Server 2003 SP2 for Itanium Systems,
       Windows Vista SP1, SP2, Windows Server 2008 SP0, SP2 for 32-bit, x64 Systems,
       Windows Server 2008 SP0, SP2 for Itanium Systems
    - .NET Framework 2.0 SP2 on Windows XP SP3, Professional x64 Edition SP2, 
       Windows Server 2003 SP2, x64 Edition SP2, Windows Server 2003 with SP2 for
       Itanium-based Systems
    - .NET Framework 3.5 on Windows XP SP3, Professional x64 Edition SP2,
       Windows Server 2003 SP2, x64 Edition SP2, Windows Server 2003 with SP2 for
       Itanium Systems, Windows Vista SP1, SP2, Windows Server 2008 for 32-bit
       Systems SP0, SP2, Windows Server 2008 for x64 Systems SP0, SP2, Windows Server 2008
       for Itanium Systems, SP0, SP2
    - .NET Framework 3.5 SP1 on Windows XP SP3, Professional x64 Edition SP2,
       Windows Server 2003 SP2, x64 Edition SP2, Windows Server 2003 with SP2 for
       Itanium Systems, Windows Vista SP1-SP2, Windows Server 2008 SP0, SP2 for 32-bit,
       64-bit Systems, Windows Server 2008 for Itanium Systems SP0, SP2
    - .NET Framework 3.5.1 on Windows 7 for 32-bit Systems, x64-based Systems,
       Windows Server 2008 R2 for x64 Systems, Windows Server 2008 R2 for Itanium systems
    - .NET Framework 4.0 on Windows XP SP3, Professional x64 Edition SP2,
       Windows Server 2003 SP2, x64 Edition SP2, Windows Server 2003 with SP2 for
       Itanium Systems, Windows Vista SP1, SP2, Windows Server 2008 Systems SP0, SP2, for
       32-bit, 64-bit, Windows Server 2008 for Itanium Systems SP0, SP2, Windows 7 for
       32-bit Systems, x64 Systems, Windows Server 2008 R2 for x64 Systems,
       Windows Server 2008 R2 for Itanium-based systems

□ Temporary workaround
   o No security update for this vulnerability has been released yet
   o Until a security update is released, apply the temporary workaround provided on the MS website
     for your operating system and .NET Framework version to prevent damage from the vulnerability
     ※ http://www.microsoft.com/technet/security/advisory/2416728.mspx
   o Check the KrCERT/CC website and Windows security updates regularly, and apply the security
     update for this vulnerability promptly once it is released
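
One way to check whether a site's Web.config already carries the workaround, as an added example that is not part of the original notice or of Microsoft's advisory. It assumes the workaround in the referenced advisory [1] is to enable customErrors and send every error to a single defaultRedirect page with no per-status pages, which this notice does not spell out; the function name and the sample configurations are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample Web.config contents (not taken from any real site).
SAMPLE_OFF = '<configuration><system.web><customErrors mode="Off" /></system.web></configuration>'
SAMPLE_PER_STATUS = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/error.html">
    <error statusCode="404" redirect="~/404.html" />
  </customErrors>
</system.web></configuration>"""
SAMPLE_OK = """<configuration><system.web>
  <customErrors mode="On" defaultRedirect="~/error.html" />
</system.web></configuration>"""


def _local(tag):
    """Strip an XML namespace prefix such as '{ns}customErrors'."""
    return tag.rsplit("}", 1)[-1]


def audit_custom_errors(web_config_xml):
    """Return findings for one Web.config; an empty list means no issue found.

    Assumed workaround (from the referenced advisory, not from this page):
    customErrors is enabled and every error goes to one defaultRedirect page.
    """
    root = ET.fromstring(web_config_xml)
    # Web.config may repeat <system.web> inside <location>, so check them all.
    nodes = [e for e in root.iter() if _local(e.tag) == "customErrors"]
    if not nodes:
        return ["no <customErrors> element: no single error page is configured"]
    findings = []
    for node in nodes:
        if node.get("mode", "RemoteOnly").lower() == "off":
            findings.append('mode="Off": detailed error output reaches clients')
        if not node.get("defaultRedirect"):
            findings.append("no defaultRedirect: error types get different responses")
        if any(_local(child.tag) == "error" for child in node):
            findings.append("per-status <error> pages: error types are distinguishable")
    return findings


if __name__ == "__main__":
    for name, xml in [("off", SAMPLE_OFF), ("per-status", SAMPLE_PER_STATUS), ("ok", SAMPLE_OK)]:
        print(name, audit_custom_errors(xml) or "workaround in place")
```

Run it against each application's Web.config on the server; any finding means that site still needs the workaround from [1] applied for its .NET Framework version.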

□ Glossary
   o .NET Framework : the Windows program development and execution environment developed by Microsoft
   o ASP.NET : web applications that run on the .NET Framework
   o ViewState : the feature the ASP.NET page framework uses to automatically save the page and each
     control's value just before the page is rendered
   o Web.config : the configuration file of an ASP.NET web project

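□ Other inquiries
   o When will the security update be released?
     - The release schedule for the security update has not been decided, but it will be announced
       promptly on the KrCERT/CC website when it is released.
   o Korea Internet & Security Agency, Internet Incident Response Center: dial 118 (no area code)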

[References]
[1] http://www.microsoft.com/technet/security/advisory/2416728.mspx
[2] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3332

Source : http://www.krcert.or.kr


