Amazon Linux 1 Security Advisory: ALAS-2016-671
Advisory Release Date: 2016-03-22 11:00 Pacific
Advisory Updated Date: 2016-03-22 11:00 Pacific
The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload arbitrarily named files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.
Affected Packages:
nmap
Issue Correction:
Run yum update nmap to update your system.
i686:
nmap-debuginfo-6.40-7.19.amzn1.i686
nmap-6.40-7.19.amzn1.i686
nmap-ncat-6.40-7.19.amzn1.i686
src:
nmap-6.40-7.19.amzn1.src
x86_64:
nmap-ncat-6.40-7.19.amzn1.x86_64
nmap-debuginfo-6.40-7.19.amzn1.x86_64
nmap-6.40-7.19.amzn1.x86_64