This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote Amazon Linux AMI host is missing a security update.
A buffer underflow flaw was found in the way the uncompress utility of
BusyBox expanded certain archive files compressed using Lempel-Ziv
compression. If a user were tricked into expanding a specially crafted
archive file with uncompress, it could cause BusyBox to crash or,
potentially, execute arbitrary code with the privileges of the user
running BusyBox. (CVE-2006-1168)
The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain
options provided in DHCP server replies, such as the client hostname.
A malicious DHCP server could send such an option with a specially
crafted value to a DHCP client. If this option's value was saved on
the client system, and then later insecurely evaluated by a process
that assumes the option is trusted, it could lead to arbitrary code
execution with the privileges of that process. (CVE-2011-2716)
See also :
Run 'yum update busybox' to update your system.
Risk factor :
High / CVSS Base Score : 7.5
Family: Amazon Linux Local Security Checks
Nessus Plugin ID: 69593 ()
CVE ID: CVE-2006-1168CVE-2011-2716
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.