\nwu-* \uc528\ub9ac\uc988\uc5d0 \ub458\uc9f8\uac00\ub77c\uba74 \uc11c\ub7ec\uc6b4 \ubcf4\uc548\ubc84\uadf8 \ub2e8\uace8 OpenSSL\uc774 \ub610 \ubcf4\uc548 \ubc84\uadf8\ub97c \ubc1c\ud45c\ud588\uc2b5\ub2c8\ub2e4. (\ud06c\ud06c — \ubb54\uac00 \ud63c\uc790 \uc990\uac81\ub2e4;;)\n<\/p>\n
\n\uc774\ubc88 \ubc84\uadf8\ub294 \uc778\uc99d\uc11c \ub370\uc774\ud130\ub97c \uc778\ucf54\ub529\ud560 \ub54c \uc0ac\uc6a9\ub418\ub294 ASN.1\uc758 \ud30c\uc11c\uc5d0\uc11c \ubc1c\uacac\ub418\uc5c8\ub294\ub370, \uc0ac\uc2e4\uc0c1 \ub300\ubd80\ubd84\uc758 SSL \ucf54\ub4dc\uc5d0\uc11c ASN.1 \ud30c\uc2f1\uc740 \uaf2d \uac70\uce58\uae30 \ub54c\ubb38\uc5d0 \uc11c\ubc84\uac00 \uacc4\uc18d \ub098\uc790\ube60\uc9c0\ub294 \ub4f1;; \uc704\ud5d8\ud558\uac8c \uc791\uc6a9\ud558\uac8c \ub429\ub2c8\ub2e4. \uad6c\uccb4\uc801\uc73c\ub85c \uc801\uc6a9\ub418\ub294 \ubd80\ubd84\uc744 \ubc88\uc5ed\ud574 \ubcf4\uc790\uba74:\n<\/p>\n
\nOpenSSL 0.9.7\uc5d0\ub9cc \uc801\uc6a9\ub418\ub294 \ubb38\uc81c: \uc798\ubabb\ub41c \ud615\uc2dd\uc758 ASN.1\uc774 \ub4e4\uc5b4\uc654\uc744 \ub54c SSL\uc744 \uac70\uc808\ud558\ub294 \uacbd\uc6b0\uc5d0 \uba54\ubaa8\ub9ac \ud574\uc81c(deallocation)\uac00 \uc77c\uc5b4\ub098\uac8c \ub418\ub294\ub370 \uc774 \ubd80\ubd84\uc5d0\uc11c \uc798\ubabb\ub41c \ud574\uc81c \ucf54\ub4dc\uac00 \ub4e4\uc5b4\uc788\uc5b4\uc11c \uacb0\uad6d \ud504\ub85c\uc138\uc2a4\uac00 \uc8fd\uac8c \ub418\ub294 \ub4f1\uc758 Denial of Service \uacf5\uaca9\uc5d0 \uc0ac\uc6a9\ub420 \uc218 \uc788\ub294 \ubc84\uadf8\uac00 \ubc1c\uacac\ub418\uc5c8\uc2b5\ub2c8\ub2e4.\n<\/p>\n<\/li>\n
\n\uba87\uac00\uc9c0 \uc790\uc8fc \uc0ac\uc6a9\ub418\uc9c0 \uc54a\ub294 ASN.1 \ud0dc\uadf8\uc5d0\uc11c, \ubc84\ud37c \uc544\uc6c3\ubc14\uc6b4\ub4dc \ubb38\uc81c \ubc1c\uacac. \ubc84\ud37c \ub05d\uc744 \uc798\ubabb \ud3ec\uc778\ud2b8\ud574\uc11c \uc77d\uac8c \uc720\ub3c4\ud560 \uc218 \uc788\uae30 \ub54c\ubb38\uc5d0 \ub9c8\ucc2c\uac00\uc9c0\ub85c \ub8e8\ud2f4\uc774 \uc8fd\uc744 \uc218 \uc788\uc5b4\uc11c DoS\uacf5\uaca9\uc5d0 \uc545\uc6a9\ub420 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc774 \ubc84\uadf8\ub294 0.9.6\uc5d0\ub3c4 \uc801\uc6a9\ub429\ub2c8\ub2e4.\n<\/p>\n<\/li>\n
\n\uc778\uc99d\uc11c\uc5d0 \uc798\ubabb\ub41c \ud615\uc2dd\uc758 \ud37c\ube14\ub9ad \ud0a4\uac00 \ub4e4\uc5b4\uc788\ub294 \uacbd\uc6b0\uc5d0 \uc81c\ub300\ub85c \ub418\uc5b4\uc788\ub294\uc9c0 \ub514\ucf54\ub529 \uc804\uc5d0 \ud655\uc778\ud558\ub294 \ub8e8\ud2f4\uc5d0\uc11c \uc778\uc99d\uc11c \uc798\ubabb\uc744 \ubb34\uc2dc\ud558\ub294 \uacbd\uc6b0\uc5d0 \ud504\ub85c\uc138\uc2a4\uac00 \ud06c\ub798\uc26c\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc77c\ubc18\uc801\uc73c\ub85c \ub514\ubc84\uae45 \uc635\uc158\uc744 \ub048 \uc0c1\ud0dc\uc5d0\uc11c\ub294 \ud56d\uc0c1 \ubb34\uc2dc\ub418\uae30 \ub54c\ubb38\uc5d0 \ub298 \uc545\uc6a9\ub420 \uc218 \uc788\ub294 \ubc84\uadf8\ub77c\uace0 \ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.\n<\/p>\n<\/li>\n
\nSSL\/TLS \ud504\ub85c\ud1a0\ucf5c \ud578\ub4e4\ub9c1\uc758 \uc5d0\ub7ec\ub85c \uc778\ud574\uc11c \uc11c\ubc84\uac00 \ud2b9\ubcc4\ud788 \uc694\uccad\ud558\uc9c0 \uc54a\uc740 \uc0c1\ud669\uc5d0\uc11c\ub3c4 \ud074\ub77c\uc774\uc5b8\ud2b8\uc758 \uc778\uc99d\uc11c\ub97c \uc77d\uac8c \ub41c\ub2e4\uace0 \ud569\ub2c8\ub2e4. \uc774 \ubd80\ubd84\uc740 \uc9c1\uc811\uc801\uc73c\ub85c \uc5f0\uacb0\ub418\ub294 \ubcf4\uc548 \ucde8\uc57d\uc810\uc774 \uc788\ub294 \uac83\uc740 \uc544\ub2c8\uc9c0\ub9cc, SSLv1, SSLv2, SSLv3\uc758 \uac01\uac01 \ud504\ub85c\ud1a0\ucf5c \uc790\uccb4\uc0c1\uc758 \uacb0\ud568\uc744 \uc0c1\uc704 \ubc84\uc804\uc5d0\uc11c \uc6d0\uce58 \uc54a\uac8c \ud5c8\uc6a9\ud560 \uc218 \uc788\uac8c \ub41c\ub2f5\ub2c8\ub2e4.\n<\/p>\n<\/li>\n
\n\uc774\ubc88 \ubc84\uadf8\ub294 OpenSSH\uac74\ucc98\ub7fc root\uac00 \ub6ab\ub9b0\ub2e4\ub358\uc9c0 \ud558\ub294 \uc77c\uc740 \uc5c6\uc9c0\ub9cc \ubaa8\ub450 \uc27d\uac8c \ubc1c\uc0dd\uc2dc\ud0ac \uc218 \uc788\ub294 DoS\ucf54\ub4dc\ub4e4\uc774 \uc774\ubbf8 \uacf5\uac1c\ub418\uc5b4 \uc788\uae30 \ub54c\ubb38\uc5d0, \uc6d0\ud55c\uc744 \uc0b0 \ubd84\ub4e4\uc740 \uc5bc\ub978 \uc5bc\ub978 \uc5c5\ub370\uc774\ud2b8 \ud558\uc154\uc57c \ub420 \ub4ef \ud569\ub2c8\ub2e4. \uc801\uc6a9\ub418\ub294 \ubc84\uc804\uc740 \uad6c\uc11d\uae30\uc2dc\ub300\uc758 SSLeay\ub97c \ud3ec\ud568\ud55c OpenSSL 0.9.7b\uae4c\uc9c0\uc758 \ubc84\uc804\uc774\ub77c\uace0 \ud569\ub2c8\ub2e4. \uac04\ub2e8\ud788 \ub9d0\ud574\uc11c “\uc9c0\uae08 \uc4f0\ub294 \ubaa8\ub4e0 \ubc84\uc804\uc740 \uad6c\uba4d\uc774 \uc22d\uc22d~” \uc774\ub780 \ub9d0;; =3 =33\n<\/p>\n
\n\uc9c0\uae08 \uae00\uc744 \uc4f0\uace0 \uc788\ub294 \ud604\uc7ac FreeBSD\uc5d0\ub294 \ubcf4\uc548 \ud328\uce58\uac00 \uc801\uc6a9\ub418\uc5b4 \uc788\uc9c0 \uc54a\uace0, Python\uc740 2.3.2\uc5d0\uc11c 0.9.7c\ub97c \uae30\ubc18\uc73c\ub85c \uc791\uc5c5\ud560 \uc608\uc815\uc774\ub77c\uace0 \ud569\ub2c8\ub2e4.\n<\/p>\n
\n\uc990 \ud328\uce58~;;;\n<\/p>\n
\n OpenSSL\uce21 \ubc1c\ud45c: http:\/\/www.openssl.org\/news\/secadv_20030930.txt<\/a>\n<\/p>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":" wu-* \uc528\ub9ac\uc988\uc5d0 \ub458\uc9f8\uac00\ub77c\uba74 \uc11c\ub7ec\uc6b4 \ubcf4\uc548\ubc84\uadf8 \ub2e8\uace8 OpenSSL\uc774 \ub610 \ubcf4\uc548 \ubc84\uadf8\ub97c \ubc1c\ud45c\ud588\uc2b5\ub2c8\ub2e4. (\ud06c\ud06c — \ubb54\uac00 \ud63c\uc790 \uc990\uac81\ub2e4;;) \uc774\ubc88 \ubc84\uadf8\ub294 \uc778\uc99d\uc11c \ub370\uc774\ud130\ub97c \uc778\ucf54\ub529\ud560 \ub54c \uc0ac\uc6a9\ub418\ub294 ASN.1\uc758 \ud30c\uc11c\uc5d0\uc11c \ubc1c\uacac\ub418\uc5c8\ub294\ub370, \uc0ac\uc2e4\uc0c1 \ub300\ubd80\ubd84\uc758 SSL \ucf54\ub4dc\uc5d0\uc11c ASN.1 \ud30c\uc2f1\uc740 \uaf2d \uac70\uce58\uae30 \ub54c\ubb38\uc5d0 \uc11c\ubc84\uac00 \uacc4\uc18d \ub098\uc790\ube60\uc9c0\ub294 \ub4f1;; \uc704\ud5d8\ud558\uac8c \uc791\uc6a9\ud558\uac8c \ub429\ub2c8\ub2e4. \uad6c\uccb4\uc801\uc73c\ub85c \uc801\uc6a9\ub418\ub294 \ubd80\ubd84\uc744 \ubc88\uc5ed\ud574 \ubcf4\uc790\uba74: OpenSSL 0.9.7\uc5d0\ub9cc \uc801\uc6a9\ub418\ub294 \ubb38\uc81c: \uc798\ubabb\ub41c \ud615\uc2dd\uc758 ASN.1\uc774 \ub4e4\uc5b4\uc654\uc744 … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-123","post","type-post","status-publish","format-standard","hentry","category-computer"],"_links":{"self":[{"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/posts\/123","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/comments?post=123"}],"version-history":[{"count":0,"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/posts\/123\/revisions"}],"wp:attachment":[{"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/media?parent=123"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/categories?post=123"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/openlook.org\/wp\/wp-json\/wp\/v2\/tags?post=123"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}