Vulnerability category: Amazon Linux
Vulnerability severity:
Vulnerability information
A vulnerability was reported in the CloudFormation bootstrap tools, different from the one in CVE-2017-9450, where default behavior in the handling of cfn-init metadata can provide escalated privileges to an attacker with local access to the system.
QID Detection Logic:
This authenticated QID verifies whether the version of the following files is lower than 1.4-20.12.amzn1: aws-cfn-bootstrap
Impact
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Solution
Please refer to Amazon advisory ALAS-2017-866 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities: