{"id":477344,"date":"2023-08-09T09:11:34","date_gmt":"2023-08-09T09:11:34","guid":{"rendered":""},"modified":"2023-09-05T11:14:32","modified_gmt":"2023-09-05T11:14:32","slug":"ghost-bug","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/kr\/wiki\/ghost-bug\/","title":{"rendered":"\uc720\ub839 \ubc84\uadf8"},"content":{"rendered":"<p>GHOST \ubc84\uadf8\ub294 \ub9ce\uc740 Linux \uae30\ubc18 \uc6b4\uc601 \uccb4\uc81c\uc758 \ud575\uc2ec \uad6c\uc131 \uc694\uc18c\uc778 GNU C \ub77c\uc774\ube0c\ub7ec\ub9ac(glibc)\uc758 \uc2ec\uac01\ud55c \ucde8\uc57d\uc810\uc785\ub2c8\ub2e4. \uc774\ub294 2015\ub144 \ucd08\uc5d0 \ubc1c\uacac\ub418\uc5c8\uc73c\uba70 \uc601\ud5a5\uc744 \ubc1b\ub294 \uc2dc\uc2a4\ud15c\uc5d0\uc11c \uc6d0\uaca9 \ucf54\ub4dc \uc2e4\ud589\uc744 \uc720\ubc1c\ud560 \uc218 \uc788\ub294 \uac00\ub2a5\uc131\uc73c\ub85c \uc778\ud574 \ube60\ub974\uac8c \uc8fc\ubaa9\uc744 \ubc1b\uc558\uc2b5\ub2c8\ub2e4. \uc774 \ubc84\uadf8\ub294 \ubc84\ud37c \uc624\ubc84\ud50c\ub85c \uacb0\ud568\uc774 \uc788\ub294 \uac83\uc73c\ub85c \ubc1d\ud600\uc9c4 GetHOST \ud568\uc218(\ub530\ub77c\uc11c GHOST)\ub97c \uc774\uc6a9\ud558\uc5ec \uc774\ub984\uc744 \uc5bb\uc5c8\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>GHOST \ubc84\uadf8\uc758 \uc720\ub798\uc640 \ucd5c\ucd08 \uc5b8\uae09\uc758 \uc5ed\uc0ac<\/h2>\n<p>GHOST \ubc84\uadf8\ub294 \ubcf4\uc548 \ud68c\uc0ac\uc778 Qualys\uc758 \uc5f0\uad6c\uc6d0\uc5d0 \uc758\ud574 2015\ub144 1\uc6d4 27\uc77c\uc5d0 \ucc98\uc74c \ubc1c\uacac\ub418\uc5c8\uc2b5\ub2c8\ub2e4. Qualys \ud300\uc740 2015\ub144 1\uc6d4 27\uc77c\uc5d0 \uacf5\uac1c\uc801\uc73c\ub85c \ubc1c\ud45c\ud558\uae30 \uc804\uc5d0 glibc \uad00\ub9ac\uc790\uc640 NCCIC(National Cybersecurity and Communications Integration Center)\uc5d0 \ucde8\uc57d\uc131\uc744 \ucc45\uc784\uac10 \uc788\uac8c \uacf5\uac1c\ud588\uc2b5\ub2c8\ub2e4. \uc774\ub7ec\ud55c \uc2e0\uc18d\ud55c \uc870\uce58\ub97c \ud1b5\ud574 \uc2dc\uc2a4\ud15c \uad00\ub9ac\uc790\uc640 \uac1c\ubc1c\uc790\ub294 \uc815\ubcf4\ub97c \uc5bb\uace0 \ubb38\uc81c\ub97c \uc644\ud654\ud558\uae30 \uc704\ud574 \ub178\ub825\ud560 \uc218 \uc788\uc5c8\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>GHOST \ubc84\uadf8\uc5d0 \ub300\ud55c \uc790\uc138\ud55c \uc815\ubcf4\uc785\ub2c8\ub2e4. GHOST \ubc84\uadf8 \uc8fc\uc81c \ud655\uc7a5<\/h2>\n<p>GHOST \ubc84\uadf8\ub294 \uc8fc\ub85c glibc \ub77c\uc774\ube0c\ub7ec\ub9ac\uc758 __nss_hostname_digits_dots() \ud568\uc218\uc5d0 \uc874\uc7ac\ud558\ub294 \ubc84\ud37c \uc624\ubc84\ud50c\ub85c \ucde8\uc57d\uc810\uc785\ub2c8\ub2e4. \ud504\ub85c\uadf8\ub7a8\uc774 DNS \uc694\uccad\uc744 \ud558\uba74 \uc774 \ud568\uc218\ub294 \ud638\uc2a4\ud2b8 \uc774\ub984 \ud655\uc778 \ud504\ub85c\uc138\uc2a4\ub97c \ucc98\ub9ac\ud569\ub2c8\ub2e4. \uadf8\ub7ec\ub098 \ubd80\uc801\uc808\ud55c \uc785\ub825 \uc720\ud6a8\uc131 \uac80\uc0ac\ub85c \uc778\ud574 \uc6d0\uaca9 \uacf5\uaca9\uc790\uac00 \ud2b9\ubcc4\ud788 \uc81c\uc791\ub41c \ud638\uc2a4\ud2b8 \uc774\ub984\uc744 \uc81c\uacf5\ud558\uc5ec \ubc84\ud37c \uc624\ubc84\ud50c\ub85c\uac00 \ubc1c\uc0dd\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc774 \uc624\ubc84\ud50c\ub85c\ub85c \uc778\ud574 \uc784\uc758 \ucf54\ub4dc\uac00 \uc2e4\ud589\ub418\uc5b4 \uacf5\uaca9\uc790\uac00 \uc601\ud5a5\uc744 \ubc1b\ub294 \uc2dc\uc2a4\ud15c\uc5d0 \ubb34\ub2e8\uc73c\ub85c \uc561\uc138\uc2a4\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc774 \ucde8\uc57d\uc810\uc740 \uc6f9 \uc11c\ubc84, \uc774\uba54\uc77c \uc11c\ubc84 \ubc0f \uae30\ud0c0 \uc911\uc694\ud55c \uc11c\ube44\uc2a4\ub97c \uc2e4\ud589\ud558\ub294 \uc2dc\uc2a4\ud15c\uc744 \ud3ec\ud568\ud558\uc5ec \uad11\ubc94\uc704\ud55c Linux \uc2dc\uc2a4\ud15c\uc5d0 \uc601\ud5a5\uc744 \ubbf8\uce58\uae30 \ub54c\ubb38\uc5d0 \ud2b9\ud788 \uc704\ud5d8\ud588\uc2b5\ub2c8\ub2e4. glibc\ub294 \uc218\ub9ce\uc740 \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc5d0\uc11c \uc0ac\uc6a9\ub418\ub294 \ud544\uc218 \ub77c\uc774\ube0c\ub7ec\ub9ac\uc774\ubbc0\ub85c \uc774 \ubc84\uadf8\uc758 \uc7a0\uc7ac\uc801\uc778 \uc601\ud5a5\uc740 \uc5c4\uccad\ub0ac\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>GHOST \ubc84\uadf8\uc758 \ub0b4\ubd80 \uad6c\uc870. GHOST \ubc84\uadf8\uc758 \uc791\ub3d9 \ubc29\uc2dd<\/h2>\n<p>GHOST \ubc84\uadf8\uc758 \ub0b4\ubd80 \uad6c\uc870\ub97c \uc774\ud574\ud558\ub824\uba74 \uae30\uc220\uc801\uc778 \uc138\ubd80 \uc0ac\ud56d\uc744 \uc790\uc138\ud788 \uc0b4\ud3b4\ubcf4\ub294 \uac83\uc774 \uc911\uc694\ud569\ub2c8\ub2e4. \ud504\ub85c\uadf8\ub7a8\uc774 \ud638\uc2a4\ud2b8 \uc774\ub984\uc744 \ud655\uc778\ud558\uae30 \uc704\ud574 \ucde8\uc57d\ud55c __nss_hostname_digits_dots() \ud568\uc218\ub97c \ud638\ucd9c\ud558\uba74 \ud568\uc218\ub294 \ub0b4\ubd80\uc801\uc73c\ub85c gethostbyname*() \ud568\uc218\ub97c \ud638\ucd9c\ud569\ub2c8\ub2e4. \uc774 \ud568\uc218\ub294 \ud638\uc2a4\ud2b8 \uc774\ub984-IP \uc8fc\uc18c \ud655\uc778\uc5d0 \uc0ac\uc6a9\ub418\ub294 getaddrinfo() \uacc4\uc5f4\uc758 \uc77c\ubd80\uc785\ub2c8\ub2e4.<\/p>\n<p>\ucde8\uc57d\uc810\uc740 \ud568\uc218\uac00 \ud638\uc2a4\ud2b8 \uc774\ub984 \ub0b4\uc758 \uc22b\uc790 \uac12\uc744 \ucc98\ub9ac\ud558\ub294 \ubc29\uc2dd\uc5d0 \uc788\uc2b5\ub2c8\ub2e4. \ud638\uc2a4\ud2b8 \uc774\ub984\uc5d0 \uc22b\uc790 \uac12\uacfc \uc810\uc774 \ud3ec\ud568\ub418\uc5b4 \uc788\uc73c\uba74 \ud568\uc218\ub294 \uc774\ub97c IPv4 \uc8fc\uc18c\ub85c \uc798\ubabb \ud574\uc11d\ud569\ub2c8\ub2e4. \uc774\ub85c \uc778\ud574 \ud568\uc218\uac00 IPv4 \uc8fc\uc18c\ub97c \uc218\uc6a9\ud560 \ub9cc\ud07c \ud06c\uc9c0 \uc54a\uc740 \ubc84\ud37c\uc5d0 IPv4 \uc8fc\uc18c\ub97c \uc800\uc7a5\ud558\ub824\uace0 \ud558\uba74 \ubc84\ud37c \uc624\ubc84\ud50c\ub85c\uac00 \ubc1c\uc0dd\ud569\ub2c8\ub2e4.<\/p>\n<p>\uacb0\uacfc\uc801\uc73c\ub85c \uacf5\uaca9\uc790\ub294 \uc545\uc758\uc801\uc778 \ud638\uc2a4\ud2b8 \uc774\ub984\uc744 \ub9cc\ub4e4\uc5b4 \ucde8\uc57d\ud55c \uae30\ub2a5\uc774 \uc778\uc811\ud55c \uba54\ubaa8\ub9ac \uc704\uce58\ub97c \ub36e\uc5b4\uc4f0\ub3c4\ub85d \ub9cc\ub4e4\uc5b4 \uc7a0\uc7ac\uc801\uc73c\ub85c \uc784\uc758 \ucf54\ub4dc\ub97c \uc2e4\ud589\ud558\uac70\ub098 \ud504\ub85c\uadf8\ub7a8\uc744 \uc911\ub2e8\uc2dc\ud0ac \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>GHOST \ubc84\uadf8\uc758 \uc8fc\uc694 \ud2b9\uc9d5 \ubd84\uc11d<\/h2>\n<p>GHOST \ubc84\uadf8\uc758 \uc8fc\uc694 \uae30\ub2a5\uc740 \ub2e4\uc74c\uacfc \uac19\uc2b5\ub2c8\ub2e4.<\/p>\n<ol>\n<li>\n<p><strong>\ubc84\ud37c \uc624\ubc84\ud50c\ub85c \ucde8\uc57d\uc810<\/strong>: GHOST \ubc84\uadf8\uc758 \ud575\uc2ec \ubb38\uc81c\ub294 __nss_hostname_digits_dots() \ud568\uc218 \ub0b4\uc758 \ubc84\ud37c \uc624\ubc84\ud50c\ub85c\ub85c \uc778\ud574 \uc2b9\uc778\ub418\uc9c0 \uc54a\uc740 \ucf54\ub4dc \uc2e4\ud589\uc774 \uac00\ub2a5\ud574\uc9d1\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc6d0\uaca9 \ucf54\ub4dc \uc2e4\ud589<\/strong>: \uc774 \ubc84\uadf8\ub294 \uc6d0\uaca9\uc73c\ub85c \uc545\uc6a9\ub420 \uc218 \uc788\uc73c\uba70 \uacf5\uaca9\uc790\uac00 \uba40\ub9ac\uc11c \uc601\ud5a5\uc744 \ubc1b\ub294 \uc2dc\uc2a4\ud15c\uc744 \uc81c\uc5b4\ud560 \uc218 \uc788\uc73c\ubbc0\ub85c \uc2ec\uac01\ud55c \ubcf4\uc548 \uc704\ud611\uc774 \ub429\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc601\ud5a5\uc744 \ubc1b\ub294 \uc2dc\uc2a4\ud15c\uc758 \ubc94\uc704<\/strong>: \uc774 \ucde8\uc57d\uc810\uc740 \ucde8\uc57d\ud55c glibc \ub77c\uc774\ube0c\ub7ec\ub9ac\ub97c \uc0ac\uc6a9\ud558\ub294 \ub2e4\uc591\ud55c Linux \ubc30\ud3ec\ud310\uacfc \uc560\ud50c\ub9ac\ucf00\uc774\uc158\uc5d0 \uc601\ud5a5\uc744 \ubbf8\ucce4\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<li>\n<p><strong>\uc704\ud5d8\uc5d0 \ucc98\ud55c \uc911\uc694 \uc11c\ube44\uc2a4<\/strong>: \ud544\uc218 \uc11c\ube44\uc2a4\ub97c \uc2e4\ud589\ud558\ub294 \ub9ce\uc740 \uc11c\ubc84\uac00 \ucde8\uc57d\ud558\uc5ec \uc628\ub77c\uc778 \uc778\ud504\ub77c\uc5d0 \uc2ec\uac01\ud55c \uc704\ud5d8\uc744 \ucd08\ub798\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<\/li>\n<\/ol>\n<h2>GHOST \ubc84\uadf8\uc758 \uc720\ud615<\/h2>\n<p>GHOST \ubc84\uadf8\uc5d0\ub294 \ub69c\ub837\ud55c \ubcc0\ud615\uc774 \uc5c6\uc2b5\ub2c8\ub2e4. \uadf8\ub7ec\ub098 \uadf8 \uc601\ud5a5\uc740 \uc601\ud5a5\uc744 \ubc1b\ub294 \uc2dc\uc2a4\ud15c\uacfc \uacf5\uaca9\uc790\uc758 \ubaa9\ud45c\uc5d0 \ub530\ub77c \ub2ec\ub77c\uc9c8 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \uc77c\ubc18\uc801\uc73c\ub85c __nss_hostname_digits_dots() \ud568\uc218\uc758 \ubc84\ud37c \uc624\ubc84\ud50c\ub85c\ub97c \ud2b9\uc9d5\uc73c\ub85c \ud558\ub294 GHOST \ubc84\uadf8 \ubc84\uc804\uc740 \ud558\ub098\ub9cc \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>GHOST \ubc84\uadf8 \uc774\uc6a9\ubc29\ubc95, \uc774\uc6a9\uc5d0 \uad00\ub828\ub41c \ubb38\uc81c\uc810 \ubc0f \ud574\uacb0\ubc29\ubc95<\/h2>\n<p>GHOST \ubc84\uadf8\ub294 \uc8fc\ub85c __nss_hostname_digits_dots() \ud568\uc218\uc758 \ubc84\ud37c \uc624\ubc84\ud50c\ub85c\ub97c \ud65c\uc6a9\ud558\uc5ec DNS \uc694\uccad\uc744 \uc870\uc791\ud568\uc73c\ub85c\uc368 \uc545\uc6a9\ub418\uc5c8\uc2b5\ub2c8\ub2e4. \uacf5\uaca9\uc790\uac00 \ucde8\uc57d\ud55c \uc2dc\uc2a4\ud15c\uc744 \uc2dd\ubcc4\ud558\uba74 \uc545\uc131 \ud638\uc2a4\ud2b8 \uc774\ub984\uc744 \ub9cc\ub4e4\uc5b4 \uc774\ub97c \uc0ac\uc6a9\ud558\uc5ec \ucde8\uc57d\uc131\uc744 \uc720\ubc1c\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<p>GHOST \ubc84\uadf8\ub97c \ud574\uacb0\ud558\ub824\uba74 \uc6b4\uc601 \uccb4\uc81c \uacf5\uae09\uc5c5\uccb4\uc640 \uc751\uc6a9 \ud504\ub85c\uadf8\ub7a8 \uac1c\ubc1c\uc790\uc758 \uc989\uac01\uc801\uc778 \uc5c5\ub370\uc774\ud2b8\uac00 \ud544\uc694\ud588\uc2b5\ub2c8\ub2e4. \ucde8\uc57d\uc810\uc744 \uc218\uc815\ud558\ub824\uba74 \ud328\uce58\ub41c glibc \ubc84\uc804\uc744 \ud1b5\ud569\ud574\uc57c \ud588\uc2b5\ub2c8\ub2e4. \uc2dc\uc2a4\ud15c \uad00\ub9ac\uc790\ub3c4 \uc2dc\uc2a4\ud15c\uc744 \uc5c5\ub370\uc774\ud2b8\ud558\uace0 \uc801\uc808\ud55c \ubcf4\uc548 \uc870\uce58\ub97c \uad6c\ud604\ud558\ub294 \ub370 \uc911\uc694\ud55c \uc5ed\ud560\uc744 \ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<h2>\uc8fc\uc694 \ud2b9\uc9d5 \ubc0f \uae30\ud0c0 \uc720\uc0ac\ud55c \uc6a9\uc5b4\uc640\uc758 \ube44\uad50\ub97c \ud45c\uc640 \ubaa9\ub85d \ud615\ud0dc\ub85c \uc81c\uacf5<\/h2>\n<table>\n<thead>\n<tr>\n<th>\ud2b9\uc131<\/th>\n<th>\uace0\uc2a4\ud2b8 \ubc84\uadf8<\/th>\n<th>\ud558\ud2b8\ube14\ub9ac\ub4dc<\/th>\n<th>\uc258\uc1fc\ud06c<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\ucde8\uc57d\uc810 \uc720\ud615<\/td>\n<td>\ubc84\ud37c \uc624\ubc84 \ud50c\ub85c\uc6b0<\/td>\n<td>\uc815\ubcf4 \uc720\ucd9c(\uba54\ubaa8\ub9ac \ucd08\uacfc \uc77d\uae30)<\/td>\n<td>\uba85\ub839 \uc8fc\uc785<\/td>\n<\/tr>\n<tr>\n<td>\ubc1c\uacac\uc758 \ud574<\/td>\n<td>2015<\/td>\n<td>2014<\/td>\n<td>2014<\/td>\n<\/tr>\n<tr>\n<td>\uc601\ud5a5\uc744 \ubc1b\ub294 \uc18c\ud504\ud2b8\uc6e8\uc5b4<\/td>\n<td>glibc \ub77c\uc774\ube0c\ub7ec\ub9ac<\/td>\n<td>OpenSSL<\/td>\n<td>\ubc30\uc2dc \uc258<\/td>\n<\/tr>\n<tr>\n<td>\uc601\ud5a5 \ubc94\uc704<\/td>\n<td>Linux \uae30\ubc18 \uc2dc\uc2a4\ud15c<\/td>\n<td>\uc6f9 \uc11c\ubc84, VPN, IoT \uc7a5\uce58<\/td>\n<td>Unix \uae30\ubc18 \uc2dc\uc2a4\ud15c<\/td>\n<\/tr>\n<tr>\n<td>\uc545\uc6a9 \ubcf5\uc7a1\uc131<\/td>\n<td>\uc0c1\ub300\uc801\uc73c\ub85c \ubcf5\uc7a1\ud568<\/td>\n<td>\ube44\uad50\uc801 \uac04\ub2e8\ud568<\/td>\n<td>\ube44\uad50\uc801 \uac04\ub2e8\ud568<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>GHOST \ubc84\uadf8\uc5d0 \uad00\ud55c \ubbf8\ub798\uc758 \uad00\uc810\uacfc \uae30\uc220<\/h2>\n<p>GHOST \ubc84\uadf8\uac00 \ubc1c\uacac\ub41c \uc774\ud6c4 \uac1c\ubc1c\uc790\uc640 \uc2dc\uc2a4\ud15c \uad00\ub9ac\uc790\ub294 \ubcf4\uc548 \uc870\uce58\uc758 \uc6b0\uc120\uc21c\uc704\ub97c \uc815\ud558\uace0 \uc18c\ud504\ud2b8\uc6e8\uc5b4 \uc5c5\ub370\uc774\ud2b8\ub97c \uc2e0\uc18d\ud558\uac8c \uc218\ud589\ud574\uc57c \ud55c\ub2e4\ub294 \uad50\ud6c8\uc744 \uc5bb\uc5c8\uc2b5\ub2c8\ub2e4. \uc774 \uc0ac\uac74\uc73c\ub85c \uc778\ud574 \ud575\uc2ec \ub77c\uc774\ube0c\ub7ec\ub9ac\uc5d0 \ub300\ud55c \uc870\uc0ac\uac00 \uac15\ud654\ub418\uace0 \ucf54\ub4dc \ubcf4\uc548\uc744 \uac1c\uc120\ud558\ub824\ub294 \ub178\ub825\uc774 \uac15\ud654\ub418\uc5c8\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\ubbf8\ub798\uc5d0\ub294 \uac15\ub825\ud55c \ubcf4\uc548 \uad00\ud589, \uc815\uae30\uc801\uc778 \ucf54\ub4dc \uac10\uc0ac \ubc0f \ucde8\uc57d\uc131 \ud3c9\uac00\uc5d0 \ub354\uc6b1 \uc911\uc810\uc744 \ub458 \uac83\uc73c\ub85c \uc608\uc0c1\ub429\ub2c8\ub2e4. \uc0ac\uc774\ubc84 \ubcf4\uc548 \ud658\uacbd\uc740 \uacc4\uc18d \uc9c4\ud654\ud560 \uac83\uc774\uba70, \uc870\uc9c1\uc740 \uc0c8\ub85c\uc6b4 \uc704\ud611\uc744 \ubc29\uc5b4\ud558\uae30 \uc704\ud574 \uacbd\uacc4\uc2ec\uc744 \uac16\uace0 \uc0ac\uc804 \uc608\ubc29\uc801\uc73c\ub85c \ub300\uc751\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n<h2>\ud504\ub85d\uc2dc \uc11c\ubc84\ub97c \uc0ac\uc6a9\ud558\uac70\ub098 GHOST \ubc84\uadf8\uc640 \uc5f0\uad00\uc2dc\ud0a4\ub294 \ubc29\ubc95<\/h2>\n<p>OneProxy\uc5d0\uc11c \uc81c\uacf5\ud558\ub294 \uac83\uacfc \uac19\uc740 \ud504\ub85d\uc2dc \uc11c\ubc84\ub294 GHOST \ubc84\uadf8\uc758 \uc601\ud5a5\uc744 \uc644\ud654\ud558\ub294 \uc5ed\ud560\uc744 \ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ud504\ub85d\uc2dc \uc11c\ubc84\ub97c \ud1b5\ud574 \uc6f9 \ud2b8\ub798\ud53d\uc744 \ub77c\uc6b0\ud305\ud568\uc73c\ub85c\uc368 \ud074\ub77c\uc774\uc5b8\ud2b8 \uc2dc\uc2a4\ud15c\uc774 \ucde8\uc57d\ud55c glibc \ub77c\uc774\ube0c\ub7ec\ub9ac\uc5d0 \uc9c1\uc811 \ub178\ucd9c\ub418\uc9c0 \uc54a\ub3c4\ub85d \ubcf4\ud638\ud560 \uc218 \uc788\uc2b5\ub2c8\ub2e4. \ud504\ub85d\uc2dc\ub294 \ud074\ub77c\uc774\uc5b8\ud2b8\uc640 \uc11c\ubc84 \uc0ac\uc774\uc758 \uc911\uac1c\uc790 \uc5ed\ud560\uc744 \ud558\uba70 \uc545\uc758\uc801\uc778 \uc694\uccad\uc744 \ud544\ud130\ub9c1\ud558\uc5ec \ucd94\uac00 \ubcf4\uc548 \uacc4\uce35\uc744 \uc81c\uacf5\ud569\ub2c8\ub2e4.<\/p>\n<p>\uadf8\ub7ec\ub098 \ud504\ub85d\uc2dc\ub294 \ucde8\uc57d\uc810 \uc790\uccb4\ub97c \ud574\uacb0\ud558\ub294 \uc9c1\uc811\uc801\uc778 \uc194\ub8e8\uc158\uc774 \uc544\ub2c8\ub77c\ub294 \uc810\uc744 \uae30\uc5b5\ud558\ub294 \uac83\uc774 \uc911\uc694\ud569\ub2c8\ub2e4. GHOST \ubc84\uadf8\uc640 \uac19\uc740 \uc7a0\uc7ac\uc801\uc778 \uc704\ud611\uc73c\ub85c\ubd80\ud130 \ud3ec\uad04\uc801\uc778 \ubcf4\ud638\ub97c \ubcf4\uc7a5\ud558\ub824\uba74 \ub2e4\ub978 \ubcf4\uc548 \uc870\uce58 \ubc0f \uc815\uae30\uc801\uc778 \uc18c\ud504\ud2b8\uc6e8\uc5b4 \uc5c5\ub370\uc774\ud2b8\uc640 \ud568\uaed8 \uc0ac\uc6a9\ud574\uc57c \ud569\ub2c8\ub2e4.<\/p>\n<h2>\uad00\ub828\ub41c \ub9c1\ud06c\ub4e4<\/h2>\n<p>GHOST \ubc84\uadf8\uc640 \uadf8 \uc601\ud5a5\uc5d0 \ub300\ud55c \uc790\uc138\ud55c \ub0b4\uc6a9\uc740 \ub2e4\uc74c \ub9ac\uc18c\uc2a4\ub97c \ucc38\uc870\ud558\uc138\uc694.<\/p>\n<ol>\n<li>Qualys \ubcf4\uc548 \uad8c\uace0: <a href=\"https:\/\/www.qualys.com\/2015\/01\/27\/cve-2015-0235-ghost\/\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/www.qualys.com\/2015\/01\/27\/cve-2015-0235-ghost\/<\/a><\/li>\n<li>\uad6d\uac00 \ucde8\uc57d\uc810 \ub370\uc774\ud130\ubca0\uc774\uc2a4(NVD) \ud56d\ubaa9: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-0235\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-0235<\/a><\/li>\n<li>Linux \ubcf4\uc548 \ube14\ub85c\uadf8: <a href=\"https:\/\/www.linuxsecurity.com\/features\/features\/ghost-cve-2015-0235-the-linux-implementation-of-the-secure-hypertext-transfer-protocol-7252\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/www.linuxsecurity.com\/features\/features\/ghost-cve-2015-0235-the-linux-implementation-of-the-secure-hypertext-transfer-protocol-7252<\/a><\/li>\n<\/ol>\n<p>GHOST \ubc84\uadf8\uc640 \uac19\uc740 \uc7a0\uc7ac\uc801\uc778 \ucde8\uc57d\uc810\uc5d0 \uc9c1\uba74\ud558\uc5ec \uc548\uc804\ud55c \uc628\ub77c\uc778 \uc0c1\ud0dc\ub97c \uc720\uc9c0\ud558\ub824\uba74 \ucd5c\uc2e0 \uc815\ubcf4\ub97c \uc5bb\uace0 \uc2dc\uc2a4\ud15c\uc744 \uc2e0\uc18d\ud558\uac8c \uc5c5\ub370\uc774\ud2b8\ud558\ub294 \uac83\uc774 \uc911\uc694\ud55c \ub2e8\uacc4\ub77c\ub294 \uc810\uc744 \uae30\uc5b5\ud558\uc2ed\uc2dc\uc624.<\/p>","protected":false},"featured_media":0,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-477344","wiki","type-wiki","status-publish","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>GHOST Bug: A Comprehensive Analysis<\/mark>","faq_items":[{"question":"What is the GHOST bug?","answer":"<p>The GHOST bug is a critical vulnerability in the GNU C Library (glibc) found in many Linux-based operating systems. It was discovered in 2015 and allows attackers to execute arbitrary code remotely.<\/p>"},{"question":"Who discovered the GHOST bug and when was it first mentioned?","answer":"<p>The GHOST bug was identified by researchers from Qualys on January 27, 2015. They responsibly disclosed the vulnerability to glibc maintainers and the NCCIC before publicly announcing it.<\/p>"},{"question":"How does the GHOST bug work?","answer":"<p>The GHOST bug exploits a buffer overflow in the __nss_hostname_digits_dots() function of glibc. When a program makes a DNS request, this function is called to handle hostname resolution. Attackers can craft a malicious hostname, triggering the overflow and potentially gaining unauthorized access.<\/p>"},{"question":"What are the key features of the GHOST bug?","answer":"<p>The key features of the GHOST bug include its buffer overflow vulnerability, remote code execution potential, wide impact on Linux systems, and its threat to critical services like web servers.<\/p>"},{"question":"Are there different types of GHOST bugs?","answer":"<p>No, there is only one version of the GHOST bug characterized by the buffer overflow in the __nss_hostname_digits_dots() function.<\/p>"},{"question":"How can the GHOST bug be mitigated?","answer":"<p>Mitigating the GHOST bug requires prompt updates from OS vendors and developers. System administrators should update their systems and implement security measures promptly.<\/p>"},{"question":"How does the GHOST bug compare to other vulnerabilities like Heartbleed and Shellshock?","answer":"<p>The GHOST bug is a buffer overflow vulnerability, whereas Heartbleed is an information leak and Shellshock is a command injection. Each has different discovery years, affected software, and exploitation complexities.<\/p>"},{"question":"What does the future hold for the GHOST bug and cybersecurity?","answer":"<p>The future will bring increased focus on security practices, code audits, and vulnerability assessments to counter emerging threats. Vigilance and proactive measures will remain critical.<\/p>"},{"question":"How can proxy servers be associated with the GHOST bug?","answer":"<p>Proxy servers, like those from OneProxy, can help mitigate the impact of the GHOST bug by acting as intermediaries and filtering malicious requests. However, they should complement other security measures and regular updates.<\/p>"},{"question":"Where can I find more information about the GHOST bug?","answer":"<p>For more details about the GHOST bug, you can visit the following resources:<\/p><ol><li>Qualys Security Advisory: <a href=\"https:\/\/www.qualys.com\/2015\/01\/27\/cve-2015-0235-ghost\/\" target=\"_new\">https:\/\/www.qualys.com\/2015\/01\/27\/cve-2015-0235-ghost\/<\/a><\/li><li>National Vulnerability Database (NVD) Entry: <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-0235\" target=\"_new\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-0235<\/a><\/li><li>Linux Security Blog: <a href=\"https:\/\/www.linuxsecurity.com\/features\/features\/ghost-cve-2015-0235-the-linux-implementation-of-the-secure-hypertext-transfer-protocol-7252\" target=\"_new\">https:\/\/www.linuxsecurity.com\/features\/features\/ghost-cve-2015-0235-the-linux-implementation-of-the-secure-hypertext-transfer-protocol-7252<\/a><\/li><\/ol>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/477344","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/477344\/revisions"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media?parent=477344"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}