Amazon Linux AMI : python27 Multiple Vulnerabilities (ALAS-2012-81)

This script is Copyright (C) 2013 Tenable Network Security, Inc.

Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

The SSL protocol, as used in certain configurations in Microsoft
Windows and Microsoft Internet Explorer, Mozilla Firefox, Google
Chrome, Opera, and other products, encrypts data by using CBC mode
with chained initialization vectors, which allows man-in-the-middle
attackers to obtain plaintext HTTP headers via a blockwise
chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with
JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java
URLConnection API, or (3) the Silverlight WebClient API, aka a 'BEAST'
attack. (CVE-2011-3389)

python: SimpleXMLRPCServer CPU usage DoS via malformed XML-RPC request

python: hash table collisions CPU usage DoS (CVE-2012-1150)

Solution :

Run 'yum update python27' to update your system.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69688

CVE ID: CVE-2011-3389