ALAS-2016-671


Amazon Linux AMI Security Advisory: ALAS-2016-671
Advisory Release Date: 2016-03-22 11:00 Pacific
Severity: Low
References: CVE-2013-4885 

Issue Overview:

The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload arbitrarily named files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.


Affected Packages:

nmap


Issue Correction:
Run yum update nmap to update your system.

New Packages:
i686:
    nmap-debuginfo-6.40-7.19.amzn1.i686
    nmap-6.40-7.19.amzn1.i686
    nmap-ncat-6.40-7.19.amzn1.i686

src:
    nmap-6.40-7.19.amzn1.src

x86_64:
    nmap-ncat-6.40-7.19.amzn1.x86_64
    nmap-debuginfo-6.40-7.19.amzn1.x86_64
    nmap-6.40-7.19.amzn1.x86_64