漏洞类别:Amazon Linux
漏洞等级: 
漏洞信息
It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent bash, escaping the sandbox.
漏洞危害
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
解决方案
Please refer to Amazon advisory ALAS-2016-765 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
ALAS-2016-765: Amazon Linux (policycoreutils (2.1.12-5.25.amzn1) on i686)
ALAS-2016-765: Amazon Linux (policycoreutils (2.1.12-5.25.amzn1) on x86_64)
ALAS-2016-765: Amazon Linux (policycoreutils (2.1.12-5.25.amzn1) on src)
0day
文章评论