Home | Data Center | Contact US | Login

Á¦¸ñ [MS10-070] ASP.NET °ü·Ã MS ºñÁ¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í
ÀÛ¼ºÀÏ 2010-09-30 09:29:00

¡à ¿µÇâ
  o °ø°ÝÀÚ°¡ ¿µÇâ ¹Þ´Â ½Ã½ºÅÛÀÇ Á¤º¸ À¯Ãâ °¡´É

¡à ¼³¸í 
  o ASP.NET ÇÁ·¹ÀÓ¿öÅ©°¡ ¾ÇÀÇÀûÀ¸·Î Á¶ÀÛµÈ µ¥ÀÌÅ͸¦ ó¸®ÇÏ´Â °úÁ¤¿¡¼­ ViewStateÇʵå¿Í °°Àº
    ¾ÏȣȭµÈ µ¥ÀÌÅͳª Web.config¿Í °°Àº ¼³Á¤ ÆÄÀÏÀÇ ³»¿ëÀ» ³ëÃâ½ÃÅ°´Â ¹®Á¦Á¡
    ¡Ø ASP.NET : MSÞä¿¡¼­ ¸¸µç À¥ Ç÷§Æû ±â¼ú
    ¡Ø ViewState : ASP.NETÀ» »ç¿ëÇÏ´Â À¥»çÀÌÆ®¿¡¼­ »ç¿ëÀÚÀÇ À¥ÆäÀÌÁö »óŸ¦ ÀúÀåÇϱâ À§ÇØ
       »ç¿ëµÇ´Â ¼Ó¼º°ª
    ¡Ø Web.config : ASP.NETÀ» »ç¿ëÇÏ´Â À¥ÆäÀÌÁö¿¡ ´ëÇÑ ¼³Á¤ ÆÄÀÏ

  o °ø°ÝÀÚ´Â ÇØ´ç Ãë¾àÁ¡À» ÀÌ¿ëÇÏ¿© Ãë¾àÇÑ À¥¼­¹öÀÇ ¾ÏȣȭµÈ µ¥ÀÌÅͳª ½Ã½ºÅÛÀÇ Á¤º¸ ȹµæ °¡´É

  o °ü·ÃÃë¾àÁ¡ :
    -  ASP.NET Padding Oracle Vulnerability - CVE-2010-3332 

  o ¿µÇâ : Á¤º¸À¯Ãâ

  o Áß¿äµµ : Áß¿ä

¡à ÇØ´ç ½Ã½ºÅÛ
   o ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î

    - .NET Framework 1.1 SP1 on Windows XP SP3, Professional x64 Edition SP2, 
       Windows Server 2003 SP2, x64 Edition SP2, Windows Server 2003 SP2 for Itanium Systems,
       Windows Vista SP1, SP2, for 32-bit, x64 Edition, Windows Server 2008 SP0, SP2 for 32-bit,
       x64 Systems, Windows Server 2008 SP0, SP2 for Itanium Systems 

    - .NET Framework 2.0 SP2 on Windows XP SP3, Professional x64 Edition SP2,
       Windows Server 2003 SP2, x64 Edition SP2, Windows Server 2003 with SP2 for
       Itanium-based Systems, Windows Vista SP1, SP2 for 32-bit, x64 Edition, Windows Server
       2008 for 32-bit Systems SP0, SP2, Windows Server 2008 for x64 Systems SP0, SP2

    - .NET Framework 3.5 on Windows XP SP3, Professional x64 Edition SP2, Windows Server
       2003 SP2, x64 Edition SP2, Windows Server 2003 with SP2 for Itanium Systems,
       Windows Vista SP1, SP2, for 32-bit, x64 Edition, Windows Server 2008 for 32-bit
       Systems SP0, SP2, Windows Server 2008 for x64 Systems SP0, SP2, Windows Server 2008
       for Itanium Systems, SP0, SP2

    - .NET Framework 3.5 SP1 on Windows XP SP3, Professional x64 Edition SP2,
       Windows Server 2003 SP2, x64 Edition SP2, Windows Server 2003 with SP2 for Itanium
       Systems, Windows Vista SP1, SP2, for 32-bit, x64 Edition, Windows Server 2008 SP0,
       SP2 for 32-bit, 64-bit Systems, Windows Server 2008 for Itanium Systems SP0, SP2

    - .NET Framework 3.5.1  on Windows 7 for 32-bit Systems, x64-based Systems,
       Windows Server 2008 R2 for x64 Systems, Windows Server 2008 R2 for Itanium systems

    - .NET Framework 4.0 on Windows XP SP3, Professional x64 Edition SP2,
       Windows Server 2003 SP2, x64 Edition SP2, Windows Server 2003 with SP2 for Itanium
       Systems, Windows Vista SP1, SP2, for 32-bit, x64 Edition, Windows Server 2008 Systems
       SP0, SP2, for 32-bit, 64-bit, Windows Server 2008 for Itanium Systems SP0, SP2, Windows 7
       for 32-bit Systems, x64 Systems, Windows Server 2008 R2 for x64 Systems,
       Windows Server 2008 R2 for Itanium-based systems

  o ¿µÇâ ¹ÞÁö ¾Ê´Â ¼ÒÇÁÆ®¿þ¾î 

    - .NET Framework 1.0 SP3 on Windows XP Media Center and Tablet PC 2005

¡à ÇØ°áÃ¥

   o ÇØ´ç ½Ã½ºÅÛ¿¡ ´ëÇÑ ¸¶ÀÌÅ©·Î¼ÒÇÁÆ®»çÀÇ Ãë¾àÁ¡ ÆÐÄ¡ Àû¿ë

[Âü°í»çÀÌÆ®]

  o ¿µ¹® : http://www.microsoft.com/technet/security/Bulletin/MS10-070.mspx
  o ÇÑ±Û : http://www.microsoft.com/korea/technet/security/bulletin/MS10-070.mspx
  Adobe Reader/Acrobat ´ÙÁß Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í
  Adobe Flash Player ºñÁ¤±â º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í






ȸ»ç¼Ò°³ °³ÀÎÁ¤º¸Ãë±Þ¹æħ ÀÌ¿ë¾à°ü À̸ÞÀÏÁÖ¼Ò ¹«´Ü¼öÁý°ÅºÎ CONTACT US IDC ¾àµµ
ȸ»ç¼Ò°³ °³ÀÎÁ¤º¸Ãë±Þ¹æħ ÀÌ¿ë¾à°ü À̸ÞÀÏÁÖ¼Ò ¹«´Ü¼öÁý°ÅºÎ CONTACT US IDC ¾àµµ ȸ»ç¼Ò°³ °³ÀÎÁ¤º¸Ãë±Þ¹æħ ÀÌ¿ë¾à°ü À̸ÞÀÏÁÖ¼Ò ¹«´Ü¼öÁý°ÅºÎ CONTACT US IDC ¾àµµ