Amazon Linux AMI : kernel Multiple Vulnerabilities (ALAS-2013-200)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

Buffer overflow in the VFAT filesystem implementation in the Linux
kernel before 3.3 allows local users to gain privileges or cause a
denial of service (system crash) via a VFAT write operation on a
filesystem with the utf8 mount option, which is not properly handled
during UTF-8 to UTF-16 conversion. (CVE-2013-1773)

Use-after-free vulnerability in the shmem_remount_fs function in
mm/shmem.c in the Linux kernel before 3.7.10 allows local users to
gain privileges or cause a denial of service (system crash) by
remounting a tmpfs filesystem without specifying a required mpol (aka
mempolicy) mount option. (CVE-2013-1767)

See also :

http://www.nessus.org/u?33e0ecd6

Solution :

Run 'yum update kernel' to update your system.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69758

Bugtraq ID:

CVE ID: CVE-2013-1767, CVE-2013-1773