Vulnerabilities related to gnu - automake
Vulnerability from fkie_nvd
Published
2012-08-07 21:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 4.4, vector AV:L/AC:M/Au:N/C:P/I:P/A:P)
Summary
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gnu | automake | * (up to and including 1.11.5) | |
gnu | automake | 1.0 | |
gnu | automake | 1.2 | |
gnu | automake | 1.3 | |
gnu | automake | 1.4 | |
gnu | automake | 1.4 | p1 |
gnu | automake | 1.4 | p2 |
gnu | automake | 1.4 | p3 |
gnu | automake | 1.4 | p4 |
gnu | automake | 1.4 | p5 |
gnu | automake | 1.4 | p6 |
gnu | automake | 1.5 | |
gnu | automake | 1.6 | |
gnu | automake | 1.6.1 | |
gnu | automake | 1.6.2 | |
gnu | automake | 1.6.3 | |
gnu | automake | 1.7 | |
gnu | automake | 1.7.1 | |
gnu | automake | 1.7.2 | |
gnu | automake | 1.7.3 | |
gnu | automake | 1.7.4 | |
gnu | automake | 1.7.5 | |
gnu | automake | 1.7.6 | |
gnu | automake | 1.7.7 | |
gnu | automake | 1.7.8 | |
gnu | automake | 1.7.9 | |
gnu | automake | 1.8 | |
gnu | automake | 1.8.1 | |
gnu | automake | 1.8.2 | |
gnu | automake | 1.8.3 | |
gnu | automake | 1.8.4 | |
gnu | automake | 1.8.5 | |
gnu | automake | 1.9 | |
gnu | automake | 1.9.1 | |
gnu | automake | 1.9.2 | |
gnu | automake | 1.9.3 | |
gnu | automake | 1.9.4 | |
gnu | automake | 1.9.5 | |
gnu | automake | 1.9.6 | |
gnu | automake | 1.10 | |
gnu | automake | 1.10.0.3 | |
gnu | automake | 1.10.1 | |
gnu | automake | 1.10.2 | |
gnu | automake | 1.10.3 | |
gnu | automake | 1.11.1 | |
gnu | automake | 1.11.2 | |
gnu | automake | 1.11.3 | |
gnu | automake | 1.11.4 | |
gnu | automake | 1.12 | |
gnu | automake | 1.12.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:automake:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF1142BF-7EE4-4937-A928-86057C853BB8", "versionEndIncluding": "1.11.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "825E1F9E-0DFB-47BF-8D28-52B6804C199A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "41C63958-FF26-4223-8EF5-1E2CEFD9DBC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "499D5653-552E-44EE-8183-FD5D05BF8F35", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE71E960-691A-4816-A04D-A8D1F3CDA2CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.4:p1:*:*:*:*:*:*", "matchCriteriaId": "620AE4A6-8801-4E2E-BC16-4CA0A128EAD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.4:p2:*:*:*:*:*:*", "matchCriteriaId": "5BB76EC2-1F74-4BB2-B1B5-F3416CDC345B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.4:p3:*:*:*:*:*:*", "matchCriteriaId": "1E969575-F171-42B7-B02D-CD494D9F9CE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.4:p4:*:*:*:*:*:*", "matchCriteriaId": "6396CC6D-2290-4D98-90FD-498EFDAC690B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.4:p5:*:*:*:*:*:*", "matchCriteriaId": "8227C2EC-7C6B-4C91-86FE-FD4892C0D855", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.4:p6:*:*:*:*:*:*", "matchCriteriaId": "377CA093-EE7B-4F14-A9D0-62E678EE787E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "8A8CECA9-BDE4-4E0D-9D1A-3A8B705736CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "37F4CA27-ECDF-4F2B-889B-954C1539DB8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"A883A1BE-D2F9-43F6-9779-163762DC0BDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "098E2153-D183-4603-AB8E-A424E321CB3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "A2C958A3-01F2-45A6-8F0B-74BE794E06CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "6454F4F7-507E-4539-B566-39E5ABD9F3B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "3C19F15E-FBBC-4DEB-9438-DCF5FB9CD366", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "6E466BA9-460D-4B7E-BD10-9CD072DE8846", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "F9ECA16B-1AD3-4199-9D01-018DBDA0AD63", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "6667859B-7297-4BB1-97DB-195037EB71C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "8C42854C-5241-43A8-9E27-0701CE97BB94", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "855F7E05-B617-4046-B6E4-7894CD237654", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "FD6A46DF-3A7F-40EA-B2D6-BBDB8CEF2744", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "26C09EE5-460F-4169-A372-878E77120204", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "5205CF45-634B-4994-8CB1-C70B87FFC7D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "9AFB9079-79EA-4DC3-9C86-72D90788AB35", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"8B2ABAC0-D633-43B6-9BA2-E346E8D2BAAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "A579BF1E-0ECE-4D1F-8849-359626B9F250", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "9FAE2575-4611-481E-AA37-549B2F528864", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "F29368AC-C9BA-451B-90DA-CCE8AB291946", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "81FB30CC-D96B-443A-B1B5-61F207F80B04", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "6FF64364-4A8B-4155-9FDA-E4AF655EA826", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E529FDE-1475-4F83-AD75-795AA2CFCE48", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "FAA3D112-97D4-4605-AAD9-ACD8C1901332", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "9E44D4B2-F8E6-4D2E-800D-2101C1832261", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "7565230F-80E8-49F2-BFC9-F33B690AC78D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "52DA2099-218B-4588-B381-539307426AB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "032119F6-768D-42BF-A4B8-2059BFA3AAD8", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "45D17CFC-3C6D-4EC1-9FED-2C158AC517C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.10.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5DD32447-BADF-4E6B-8745-75202A3AF83B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"7348FBF0-AD00-4236-9CA0-BA01FD153629", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "06107483-9738-4C1A-A706-3DE7D9F04E7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A91930-6A6C-4B56-99DF-8A06F270AEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CE405EB-E067-464D-86AE-6F0C56C7250E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA6C72AC-9EDB-4BB4-8C7F-BA1F886939EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DDD57193-65DC-4AFC-96C0-725AC176E7F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.12:*:*:*:*:*:*:*", "matchCriteriaId": "C64F490F-2837-4A97-BA1E-6E796B8B4F27", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "1CE494CF-6DD2-451E-B9F4-A102B06B9183", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors." }, { "lang": "es", "value": "La regla \"make distcheck\" en GNU Automake anterior a v1.11.6 y v1.12.x anterior a v1.12.2 asigna permisos world-writable al directorio de extracci\u00f3n, lo que produce una vulnerabilidad de condici\u00f3n de carrera que permite a usuarios locales ejecutar c\u00f3digo a trav\u00e9s de vectores no determinados." 
} ], "id": "CVE-2012-3386", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-08-07T21:55:01.420", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" }, { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-12-20 02:30
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 4.4, vector AV:L/AC:M/Au:N/C:P/I:P/A:P)
Summary
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A91930-6A6C-4B56-99DF-8A06F270AEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:branch:1-9:*:*:*:*:*:*", "matchCriteriaId": "4D37A8B9-BA44-4543-94C1-E10A4C7F39A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete." }, { "lang": "es", "value": "Las reglas (1) dist o (2) distcheck en GNU Automake v1.11.1, v1.10.3, branch-1-4 a branch-1-9, cuando se genera una distribuci\u00f3n mediante fichero .tar de un paquete que usa Automake, asignan permisos inseguros (777) a los directorios en el \u00e1rbol de construcci\u00f3n, lo que introduce una condici\u00f3n de carrera que permite modificar, a los usuarios locales, el contenido de los archivos del paquete, la introducci\u00f3n de troyanos, o llevar a cabo otros ataques antes de que la construcci\u00f3n se haya completado." 
} ], "id": "CVE-2009-4029", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-20T02:30:00.483", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html" }, { "source": "secalert@redhat.com", "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/3579" }, { "source": "secalert@redhat.com", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/3579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Red Hat is aware of this issue and is tracking it via the following\nbug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4029\n\nThis issue was addressed in the automake, automake14, automake15, automake16 and automake17 
packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0321.html\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.", "lastModified": "2010-03-31T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2009-4029 (GCVE-0-2009-4029)
Vulnerability from cvelistv5
Published
2009-12-20 02:00
Modified
2024-08-07 06:45
CWE
- n/a
Summary
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2010:203", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203" }, { "name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html" }, { "name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077" }, { "name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html" }, { "name": "20101027 rPSA-2010-0071-1 automake", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded" }, { "name": "[automake] 20091208 GNU Automake 1.11.1 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html" }, { "name": "oval:org.mitre.oval:def:11717", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071" }, { "name": "ADV-2009-3579", "tags": [ 
"vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3579" }, { "name": "[automake] 20091208 GNU Automake 1.10.3 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html" }, { "name": "1021784", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDVSA-2010:203", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203" }, { "name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html" }, { "name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077" }, { "name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html" }, { "name": "20101027 rPSA-2010-0071-1 automake", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded" }, { "name": "[automake] 20091208 GNU Automake 1.11.1 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html" }, { "name": "oval:org.mitre.oval:def:11717", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071" }, { "name": "ADV-2009-3579", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2009/3579" }, { "name": "[automake] 20091208 GNU Automake 1.10.3 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html" }, { "name": "1021784", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-4029", "datePublished": "2009-12-20T02:00:00", "dateReserved": "2009-11-20T00:00:00", "dateUpdated": "2024-08-07T06:45:50.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-3386 (GCVE-0-2012-3386)
Vulnerability from cvelistv5
Published
2012-08-07 21:00
Modified
2024-08-06 20:05
CWE
- n/a
Summary
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:05:12.403Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2012-14770", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html" }, { "name": "MDVSA-2012:103", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103" }, { "name": "openSUSE-SU-2012:1519", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html" }, { "name": "FEDORA-2012-14349", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html" }, { "name": "RHSA-2013:0526", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html" }, { "name": "[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html" }, { "name": "[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html" }, { "name": "[automake] 20120709 CVE-2012-3386 Automake security fix for \u0027make distcheck\u0027", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76" }, { "name": 
"FEDORA-2012-14297", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-09T00:00:00", "descriptions": [ { "lang": "en", "value": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-12-19T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2012-14770", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html" }, { "name": "MDVSA-2012:103", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103" }, { "name": "openSUSE-SU-2012:1519", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html" }, { "name": "FEDORA-2012-14349", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html" }, { "name": "RHSA-2013:0526", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html" }, { "name": "[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html" }, { 
"name": "[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html" }, { "name": "[automake] 20120709 CVE-2012-3386 Automake security fix for \u0027make distcheck\u0027", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76" }, { "name": "FEDORA-2012-14297", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3386", "datePublished": "2012-08-07T21:00:00", "dateReserved": "2012-06-14T00:00:00", "dateUpdated": "2024-08-06T20:05:12.403Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }