3 matches found
CVE-2017-9450
The CVE-2017-9450 issue affects the AWS CloudFormation bootstrap tools package (aws-cfn-bootstrap) prior to 1.4-19.10. The vulnerable component is the cfn-hup daemon, which an attacker with local access can abuse by writing a crafted file to escalate to root and execute arbitrary code, compromisi...
Important: aws-cfn-bootstrap
Issue Overview: New optional parameter "umask" introduced into cfn-hup.conf file in order to configure the cfn-hup daemon's umask. The Amazon Web Services AWS CloudFormation bootstrap tools package aka aws-cfn-bootstrap before 1.4-19.10 allows local users to execute arbitrary code with root...
Important: aws-cfn-bootstrap
Issue Overview: A vulnerability was reported in the CloudFormation bootstrap tools that allows an attacker to execute arbitrary code as root if they have local access to the system and are able to create files in a specific directory CVE-2017-9450 Affected Packages: aws-cfn-bootstrap Issue...