Test ID:	1.3.6.1.4.1.25623.1.0.120317
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2014-358)
Summary:	The remote host is missing an update for the 'perl-Capture-Tiny' package(s) announced via the ALAS-2014-358 advisory.
Description:	Summary: The remote host is missing an update for the 'perl-Capture-Tiny' package(s) announced via the ALAS-2014-358 advisory. Vulnerability Insight: It was found [1] that the Capture::Tiny module, provided by the perl-Capture-Tiny package, used the File::temp::tmpnam module to generate temporary files: ./lib/Capture/Tiny.pm: $stash->{flag_files}{$which} = scalar tmpnam(), This module makes use of the mktemp() function when called in the scalar context, which creates significantly more predictable temporary files. Additionally, the temporary file is created with world-writable (0666) permission. A local attacker could use this flaw to perform a symbolic link attack, overwriting arbitrary files accessible to a program using the Capture::Tiny module. Affected Software/OS: 'perl-Capture-Tiny' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-1875 BugTraq ID: 65475 http://www.securityfocus.com/bid/65475 http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128823.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128882.html http://seclists.org/oss-sec/2014/q1/267 http://seclists.org/oss-sec/2014/q1/272 http://osvdb.org/102963 http://secunia.com/advisories/56823 XForce ISS Database: capturetiny-perl-symlink(91464) https://exchange.xforce.ibmcloud.com/vulnerabilities/91464
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.