Amazon Linux AMI : gnutls (ALAS-2012-59)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

A flaw was found in the way GnuTLS decrypted malformed TLS records.
This could cause a TLS/SSL client or server to crash when processing a
specially crafted TLS record from a remote TLS/SSL connection peer.

A boundary error was found in the gnutls_session_get_data() function.
A malicious TLS/SSL server could use this flaw to crash a TLS/SSL
client or, possibly, execute arbitrary code as the client, if the
client passed a fixed-sized buffer to gnutls_session_get_data() before
checking the real size of the session data provided by the server.
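
The caller-side pattern that avoids the second flaw, as an added example (not code from GnuTLS or from this plugin): `export_session()` is a hypothetical stand-in with a (buffer, in/out size) calling shape, and the 300-byte blob and error code are constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define E_SHORT_BUFFER (-1)            /* constructed error code */

/* Constructed 300-byte blob standing in for server-supplied session data. */
static const unsigned char peer_blob[300] = { 0x16, 0x03, 0x01 };

/* Hypothetical stand-in for a session export call: it never copies into a
 * buffer that is too small and reports the size that is required. */
static int export_session(void *buf, size_t *len)
{
    size_t need = sizeof peer_blob;
    if (buf == NULL || *len < need) {
        *len = need;
        return E_SHORT_BUFFER;
    }
    memcpy(buf, peer_blob, need);
    *len = need;
    return 0;
}

/* Defensive caller: learn the real size first, allocate exactly that much,
 * then copy. Returns a heap buffer the caller frees, or NULL on failure. */
static unsigned char *save_session(size_t *out_len)
{
    size_t need = 0;
    if (export_session(NULL, &need) != E_SHORT_BUFFER || need == 0)
        return NULL;
    unsigned char *buf = malloc(need);
    size_t len = need;
    if (buf == NULL || export_session(buf, &len) != 0 || len > need) {
        free(buf);
        return NULL;
    }
    *out_len = len;
    return buf;
}

/* Fixed-buffer caller: acceptable only if the error is honoured and the
 * buffer is left unused when the data did not fit. */
static int save_session_fixed(unsigned char *buf, size_t cap, size_t *out_len)
{
    size_t len = cap;
    int rc = export_session(buf, &len);
    if (rc == 0)
        *out_len = len;
    return rc;
}

int main(void)
{
    size_t n = 0;
    unsigned char *p = save_session(&n);
    printf("saved %zu bytes\n", p ? n : 0);
    free(p);
    return 0;
}
```
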

Solution :

Run 'yum update gnutls' to update your system.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69666

CVE ID: CVE-2011-4128