Detections
Analytics
Amazon Linux AMI : curl (ALAS-2017-889)
medium Nessus Plugin ID 102877
Language:
Synopsis
The remote Amazon Linux AMI host is missing a security update.Description
FILE buffer read out of bounds (CVE-2017-1000099)TFTP sends more than buffer size (CVE-2017-1000100)
URL globbing out of bounds read (CVE-2017-1000101)
Solution
Run 'yum update curl' to update your system.See Also
Plugin Details
Severity: Medium
ID: 102877
File Name: ala_ALAS-2017-889.nasl
Version: 3.4
Type: local
Agent: unix
Published: 9/1/2017
Updated: 4/18/2018
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Information
CPE: p-cpe:/a:amazon:linux:curl, p-cpe:/a:amazon:linux:curl-debuginfo, p-cpe:/a:amazon:linux:libcurl, p-cpe:/a:amazon:linux:libcurl-devel, cpe:/o:amazon:linux
Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list
Patch Publication Date: 8/31/2017
Reference Information
CVE: CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101
ALAS: 2017-889