Amazon Linux AMI : rpm (ALAS-2012-61)

medium Nessus Plugin ID 69668

Language:

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

Multiple flaws were found in the way RPM parsed package file headers.
An attacker could create a specially crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library (such as the rpm command line tool, or the yum and up2date package managers) to crash or, potentially, execute arbitrary code. (CVE-2012-0060 , CVE-2012-0061 , CVE-2012-0815)

Solution

Run 'yum update rpm' to update your system.

Plugin Details

Severity: Medium

ID: 69668

File Name: ala_ALAS-2012-61.nasl

Version: 1.6

Type: local

Agent: unix

Family: Amazon Linux Local Security Checks

Published: 9/4/2013

Updated: 4/18/2018

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:rpm, p-cpe:/a:amazon:linux:rpm-apidocs, p-cpe:/a:amazon:linux:rpm-build, p-cpe:/a:amazon:linux:rpm-cron, p-cpe:/a:amazon:linux:rpm-debuginfo, p-cpe:/a:amazon:linux:rpm-devel, p-cpe:/a:amazon:linux:rpm-libs, p-cpe:/a:amazon:linux:rpm-python, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Patch Publication Date: 4/5/2012

Reference Information

CVE: CVE-2012-0060

ALAS: 2012-61

RHSA: 2012:0451

Detections

Analytics