Amazon Linux AMI : aws-cfn-bootstrap (ALAS-2017-866)

🗓️ 07 Aug 2017 00:00:00Reported by TenableType

The CloudFormation bootstrap tools in Amazon Linux AMI allow escalated privileges with local access (ALAS-2017-866

Source	Link
access	www.access.redhat.com/security/cve/CVE-Pending
alas	www.alas.aws.amazon.com/ALAS-2017-866.html

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-866.
#

include("compat.inc");

if (description)
{
  script_id(102208);
  script_version("3.4");
  script_cvs_date("Date: 2018/04/18 15:09:36");

  script_xref(name:"ALAS", value:"2017-866");

  script_name(english:"Amazon Linux AMI : aws-cfn-bootstrap (ALAS-2017-866)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A vulnerability was reported in the CloudFormation bootstrap tools,
where default behavior in the handling of cfn-init metadata can
provide escalated privileges to an attacker with local access to the
system"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/CVE-Pending"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2017-866.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Run 'yum update aws-cfn-bootstrap' to update your system. 

Update the AWS::CloudFormation::Init metadata section of your
template, specifically the entries listed under the 'files' key, to
explicitly specify the mode field as documented. We recommend setting
the mode to explicitly disable permissions for non-owners.
Alternatively, you can also choose to explicitly change the mode of
the files listed in your template, by directly logging on to the
instance. 

Restart the cfn-hup process"
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:aws-cfn-bootstrap");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2017/08/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"aws-cfn-bootstrap-1.4-20.12.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "aws-cfn-bootstrap");
}

18 Apr 2018 15:09Current

5.5Medium risk

Vulners AI Score5.5