Vulnerability category: Amazon Linux
Vulnerability severity:
Vulnerability information
Unsafe second checksum calculation in udp.c:
The Linux kernel allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag. This may create a kernel panic or memory corruption leading to privilege escalation. (CVE-2016-10229)
QID Detection Logic:
This authenticated QID checks whether the versions of the following packages are lower than 4.9.17-8.31.amzn1: kernel-headers, perf-debuginfo, perf, kernel, kernel-debuginfo, kernel-tools-devel, kernel-tools-debuginfo, kernel-debuginfo-common-x86_64, kernel-devel, kernel-tools, kernel-doc, kernel-debuginfo-common-i686
Vulnerability impact
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Please refer to Amazon advisory ALAS-2017-832 for affected packages and patching details, or update with your package manager.
Patch:
The following are links for downloading patches to fix the vulnerabilities:
ALAS-2017-832: Amazon Linux (kernel (4.9.17-8.31.amzn1) on noarch)
ALAS-2017-832: Amazon Linux (kernel (4.9.17-8.31.amzn1) on x86_64)
ALAS-2017-832: Amazon Linux (kernel (4.9.17-8.31.amzn1) on src)
ALAS-2017-832: Amazon Linux (kernel (4.9.17-8.31.amzn1) on i686)