This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Amazon Linux AMI host is missing a security update.
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes
function in LibYAML before 0.1.6 allows context-dependent attackers to
execute arbitrary code via a long sequence of percent-encoded
characters in a URI in a YAML file. (CVE-2014-2525)
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before
0.1.5 performs an incorrect cast, which allows remote attackers to
cause a denial of service (application crash) and possibly execute
arbitrary code via crafted tags in a YAML document, which triggers a
heap-based buffer overflow. (CVE-2013-6393)
See also :
Run 'yum update perl-YAML-LibYAM'L to update your system.
Risk factor :
Medium / CVSS Base Score : 6.8