low
AWS published official AMIs with recoverable deleted files
Published Sat, Jun 4th, 2011
Platforms
Summary
Researchers, while investigating the security posture of Public AMIs, were able to undelete files from an official image that was published by Amazon AWS.
Affected Services
N/A
Remediation
Follow [best practices](https://aws.amazon.com/articles/how-to-share-and-use-public-amis-in-a-secure-manner/) when sharing Public AMIs
Tracked CVEs
No tracked CVEs
References
http://seclab.nu/static/publications/sac2012ec2.pdfhttps://aws.amazon.com/security/security-bulletins/reminder-about-safely-sharing-and-using-public-amis/
Contributed by https://github.com/ramimac
Entry Status
Finalized
Disclosure Date
Sat, Jun 4th, 2011
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
None
Piercing Index Rating
-
Discovered by
Marco Balduzzi, Jonas Zaddach, Davide Balzarotti, Engin Kirda, Sergio Loureiro