DSM 5.0-4493 Update 7 ¾÷µ¥ÀÌÆ® ³»¿ë (²À ÆÐÄ¡ Çϼ¼¿ä)
Version : 5.0-4493 Update 7
(2014/09/29)
Fixed Issues
- Fixed a potential risk on Bash command shell (CVE-2014-6271 and CVE-2014-7169).
---------
전세계적으로 이슈가 된 bash command shell 보안구멍를 패치했나 보네요.
이전 OpenSSL 보안구멍 보다 훨씬 심각한 것으로 평가되는 녀석입니다. 다들 꼭 패치하세요
bash 를 사용하는 시스템의 경우 cgi 웹페이지를 통해
누구라도 시스템의 쉘스크립트 명령을 실행할 수 있습니다 ㅡ.ㅡ;;
¹Ù·Î ´ëÀÀÇϳ׿ä~ Á¤º¸°¨»çÇÕ´Ï´Ù~
Âü°í·Î º»ÀÎÀÇ bash°¡ Ãë¾àÁ¡ÀÖ´ÂÁö ¿©ºÎ È®ÀÎÇÏ´Â ¹æ¹ýÀº
synology´Â ¸µÅ© ¾È°É°í sh·Î ¾²°íÀֱ⶧¹®¿¡ shell ¿¡¼
env x='() { :;}; echo vul' sh -c "echo test"
ÀÌ·¸°Ô Çؼ test¸¸ ³ª¿Í¾ß Á¤»óÀ̳׿ä~ vul À̳ª¿È bash(sh) ¾÷µ¥ÀÌÆ® ÇÊ¿äÇÕ´Ï´Ù~
DSM¾÷µ¥ÀÌÆ® ÇÏ°í³ª´Ï Á¤»óÀÎ°Ô È®Àε˴ϴÙ~
Synology will release the corresponding update to address this weakness for the following models. We have confirmed that models which are not in this list are not concerned by this bash vulnerability.
15-series: DS415+
14-series: RS3614xs+, RS2414+, RS2414RP+, RS814+, RS814RP+, RS3614xs, RS3614RPxs
13-series: DS2413+, DS713+, RS10613xs+, RS3413xs+, DS1813+, DS1513+
12-series: DS712+, DS1512+, DS1812+, DS3612xs, RS3412xs, RS3412RPxs, DS412+, RS812+, RS812RP+, RS2212+, RS2212RP+
11-series: DS3611xs, RS3411xs, RS3411RPxs, DS2411+, RS2211+, RS2211RP+, DS1511+, DS411+II, DS411+
10-series: DS1010+, RS810+, RS810RP+, DS710+
»óÀ§ ¸ðµ¨¸¸ ÇØ´çµÇ´Â°Í °°½À´Ï´Ù.
ds214+ ÀÎ Á¦²¨´Â ¾÷µ¥ÀÌÆ®°¡ ¶ßÁú ¾Ê½À´Ï´Ù.
5.0-4493 Update 7 ¾÷µ¥ÀÌÆ®´Â µÇÁö ¾Ê°í Update 5 Àε¥
Ãë¾àÁ¡ÀÌ ¾ø´Â °ÍÀ¸·Î ³ª¿É´Ï´Ù.
Ãë¾àÁ¡ ¹®Á¦µµ Á¦Ç°¸¶´Ù ´Ù¸¥°¡º¾´Ï´Ù.