Vulnerability category: Amazon Linux
Vulnerability severity:
Vulnerability information
A vulnerability was reported in the CloudFormation bootstrap tools that allows an attacker to execute arbitrary code as root if they have local access to the system and are able to create files in a specific directory (CVE-2017-9450).
QID Detection Logic:
This authenticated QID checks whether the version of the following files is lower than 1.4-19.10.amzn1: aws-cfn-bootstrap
Vulnerability impact
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Please refer to Amazon advisory ALAS-2017-861 for affected packages and patching details, or update with your package manager.
Patch:
The following links provide patches that fix the vulnerability:
ALAS-2017-861: Amazon Linux (aws-cfn-bootstrap (1.4-19.10.amzn1) on src)
ALAS-2017-861: Amazon Linux (aws-cfn-bootstrap (1.4-19.10.amzn1) on noarch)