Amazon Linux AMI : libtasn1 Remote Crash Vulnerability (ALAS-2012-60)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

A flaw was found in the way libtasn1 decoded DER data. An attacker
could create carefully-crafted DER encoded input (such as an X.509
certificate) that, when parsed by an application that uses libtasn1
(such as applications using GnuTLS), could cause the application to
crash.

See also :

http://www.nessus.org/u?2ae0d2ce

Solution :

Run 'yum update libtasn1' to upgrade your system.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69667 ()

Bugtraq ID:

CVE ID: CVE-2012-1569