cvelistv5 - cve-2009-4029

CVE-2009-4029 (GCVE-0-2009-4029)

Vulnerability from cvelistv5

Published

2009-12-20 02:00

Modified

2024-08-07 06:45

Severity ?

CWE

Summary

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

References

►

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

opensuse-su-2024:10293-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

cppi-1.18-2.4 on GA media

Notes

Title of the patch

cppi-1.18-2.4 on GA media

Description of the patch

These are all security issues fixed in the cppi-1.18-2.4 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10293

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "cppi-1.18-2.4 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the cppi-1.18-2.4 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10293",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10293-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2009-4029 page",
        "url": "https://www.suse.com/security/cve/CVE-2009-4029/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-3386 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-3386/"
      }
    ],
    "title": "cppi-1.18-2.4 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10293-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cppi-1.18-2.4.aarch64",
                "product": {
                  "name": "cppi-1.18-2.4.aarch64",
                  "product_id": "cppi-1.18-2.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "cppi-lang-1.18-2.4.aarch64",
                "product": {
                  "name": "cppi-lang-1.18-2.4.aarch64",
                  "product_id": "cppi-lang-1.18-2.4.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cppi-1.18-2.4.ppc64le",
                "product": {
                  "name": "cppi-1.18-2.4.ppc64le",
                  "product_id": "cppi-1.18-2.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "cppi-lang-1.18-2.4.ppc64le",
                "product": {
                  "name": "cppi-lang-1.18-2.4.ppc64le",
                  "product_id": "cppi-lang-1.18-2.4.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cppi-1.18-2.4.s390x",
                "product": {
                  "name": "cppi-1.18-2.4.s390x",
                  "product_id": "cppi-1.18-2.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "cppi-lang-1.18-2.4.s390x",
                "product": {
                  "name": "cppi-lang-1.18-2.4.s390x",
                  "product_id": "cppi-lang-1.18-2.4.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cppi-1.18-2.4.x86_64",
                "product": {
                  "name": "cppi-1.18-2.4.x86_64",
                  "product_id": "cppi-1.18-2.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cppi-lang-1.18-2.4.x86_64",
                "product": {
                  "name": "cppi-lang-1.18-2.4.x86_64",
                  "product_id": "cppi-lang-1.18-2.4.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cppi-1.18-2.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.aarch64"
        },
        "product_reference": "cppi-1.18-2.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cppi-1.18-2.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le"
        },
        "product_reference": "cppi-1.18-2.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cppi-1.18-2.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.s390x"
        },
        "product_reference": "cppi-1.18-2.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cppi-1.18-2.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.x86_64"
        },
        "product_reference": "cppi-1.18-2.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cppi-lang-1.18-2.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64"
        },
        "product_reference": "cppi-lang-1.18-2.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cppi-lang-1.18-2.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le"
        },
        "product_reference": "cppi-lang-1.18-2.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cppi-lang-1.18-2.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x"
        },
        "product_reference": "cppi-lang-1.18-2.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cppi-lang-1.18-2.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
        },
        "product_reference": "cppi-lang-1.18-2.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-4029",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2009-4029"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cppi-1.18-2.4.aarch64",
          "openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le",
          "openSUSE Tumbleweed:cppi-1.18-2.4.s390x",
          "openSUSE Tumbleweed:cppi-1.18-2.4.x86_64",
          "openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64",
          "openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le",
          "openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x",
          "openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2009-4029",
          "url": "https://www.suse.com/security/cve/CVE-2009-4029"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 559815 for CVE-2009-4029",
          "url": "https://bugzilla.suse.com/559815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 770618 for CVE-2009-4029",
          "url": "https://bugzilla.suse.com/770618"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 786745 for CVE-2009-4029",
          "url": "https://bugzilla.suse.com/786745"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cppi-1.18-2.4.aarch64",
            "openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le",
            "openSUSE Tumbleweed:cppi-1.18-2.4.s390x",
            "openSUSE Tumbleweed:cppi-1.18-2.4.x86_64",
            "openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64",
            "openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le",
            "openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x",
            "openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2009-4029"
    },
    {
      "cve": "CVE-2012-3386",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-3386"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cppi-1.18-2.4.aarch64",
          "openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le",
          "openSUSE Tumbleweed:cppi-1.18-2.4.s390x",
          "openSUSE Tumbleweed:cppi-1.18-2.4.x86_64",
          "openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64",
          "openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le",
          "openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x",
          "openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-3386",
          "url": "https://www.suse.com/security/cve/CVE-2012-3386"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 770618 for CVE-2012-3386",
          "url": "https://bugzilla.suse.com/770618"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 786745 for CVE-2012-3386",
          "url": "https://bugzilla.suse.com/786745"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cppi-1.18-2.4.aarch64",
            "openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le",
            "openSUSE Tumbleweed:cppi-1.18-2.4.s390x",
            "openSUSE Tumbleweed:cppi-1.18-2.4.x86_64",
            "openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64",
            "openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le",
            "openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x",
            "openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2012-3386"
    }
  ]
}

opensuse-su-2024:10027-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

automake-1.15-4.6 on GA media

Notes

Title of the patch

automake-1.15-4.6 on GA media

Description of the patch

These are all security issues fixed in the automake-1.15-4.6 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10027

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "automake-1.15-4.6 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the automake-1.15-4.6 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10027",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10027-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2009-4029 page",
        "url": "https://www.suse.com/security/cve/CVE-2009-4029/"
      }
    ],
    "title": "automake-1.15-4.6 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10027-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "automake-1.15-4.6.aarch64",
                "product": {
                  "name": "automake-1.15-4.6.aarch64",
                  "product_id": "automake-1.15-4.6.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "m4-1.4.17-5.7.aarch64",
                "product": {
                  "name": "m4-1.4.17-5.7.aarch64",
                  "product_id": "m4-1.4.17-5.7.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "automake-1.15-4.6.ppc64le",
                "product": {
                  "name": "automake-1.15-4.6.ppc64le",
                  "product_id": "automake-1.15-4.6.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "m4-1.4.17-5.7.ppc64le",
                "product": {
                  "name": "m4-1.4.17-5.7.ppc64le",
                  "product_id": "m4-1.4.17-5.7.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "automake-1.15-4.6.s390x",
                "product": {
                  "name": "automake-1.15-4.6.s390x",
                  "product_id": "automake-1.15-4.6.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "m4-1.4.17-5.7.s390x",
                "product": {
                  "name": "m4-1.4.17-5.7.s390x",
                  "product_id": "m4-1.4.17-5.7.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "automake-1.15-4.6.x86_64",
                "product": {
                  "name": "automake-1.15-4.6.x86_64",
                  "product_id": "automake-1.15-4.6.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "m4-1.4.17-5.7.x86_64",
                "product": {
                  "name": "m4-1.4.17-5.7.x86_64",
                  "product_id": "m4-1.4.17-5.7.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake-1.15-4.6.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:automake-1.15-4.6.aarch64"
        },
        "product_reference": "automake-1.15-4.6.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake-1.15-4.6.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:automake-1.15-4.6.ppc64le"
        },
        "product_reference": "automake-1.15-4.6.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake-1.15-4.6.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:automake-1.15-4.6.s390x"
        },
        "product_reference": "automake-1.15-4.6.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake-1.15-4.6.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:automake-1.15-4.6.x86_64"
        },
        "product_reference": "automake-1.15-4.6.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "m4-1.4.17-5.7.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:m4-1.4.17-5.7.aarch64"
        },
        "product_reference": "m4-1.4.17-5.7.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "m4-1.4.17-5.7.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:m4-1.4.17-5.7.ppc64le"
        },
        "product_reference": "m4-1.4.17-5.7.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "m4-1.4.17-5.7.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:m4-1.4.17-5.7.s390x"
        },
        "product_reference": "m4-1.4.17-5.7.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "m4-1.4.17-5.7.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:m4-1.4.17-5.7.x86_64"
        },
        "product_reference": "m4-1.4.17-5.7.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-4029",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2009-4029"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:automake-1.15-4.6.aarch64",
          "openSUSE Tumbleweed:automake-1.15-4.6.ppc64le",
          "openSUSE Tumbleweed:automake-1.15-4.6.s390x",
          "openSUSE Tumbleweed:automake-1.15-4.6.x86_64",
          "openSUSE Tumbleweed:m4-1.4.17-5.7.aarch64",
          "openSUSE Tumbleweed:m4-1.4.17-5.7.ppc64le",
          "openSUSE Tumbleweed:m4-1.4.17-5.7.s390x",
          "openSUSE Tumbleweed:m4-1.4.17-5.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2009-4029",
          "url": "https://www.suse.com/security/cve/CVE-2009-4029"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 559815 for CVE-2009-4029",
          "url": "https://bugzilla.suse.com/559815"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 770618 for CVE-2009-4029",
          "url": "https://bugzilla.suse.com/770618"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 786745 for CVE-2009-4029",
          "url": "https://bugzilla.suse.com/786745"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:automake-1.15-4.6.aarch64",
            "openSUSE Tumbleweed:automake-1.15-4.6.ppc64le",
            "openSUSE Tumbleweed:automake-1.15-4.6.s390x",
            "openSUSE Tumbleweed:automake-1.15-4.6.x86_64",
            "openSUSE Tumbleweed:m4-1.4.17-5.7.aarch64",
            "openSUSE Tumbleweed:m4-1.4.17-5.7.ppc64le",
            "openSUSE Tumbleweed:m4-1.4.17-5.7.s390x",
            "openSUSE Tumbleweed:m4-1.4.17-5.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2009-4029"
    }
  ]
}

fkie_cve-2009-4029

Vulnerability from fkie_nvd

Published

2009-12-20 02:30

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html	Exploit
secalert@redhat.com	http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html
secalert@redhat.com	http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html
secalert@redhat.com	http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html	Patch
secalert@redhat.com	http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html
secalert@redhat.com	http://savannah.gnu.org/forum/forum.php?forum_id=6077
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1
secalert@redhat.com	http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:203
secalert@redhat.com	http://www.securityfocus.com/archive/1/514526/100/0/threaded
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/3579
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717
af854a3a-2127-422b-91ae-364da2661108	http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html
af854a3a-2127-422b-91ae-364da2661108	http://savannah.gnu.org/forum/forum.php?forum_id=6077
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1
af854a3a-2127-422b-91ae-364da2661108	http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:203
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/514526/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/3579
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717

Impacted products

Vendor	Product	Version
gnu	automake	1.10.3
gnu	automake	1.11.1
gnu	automake	branch

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A91930-6A6C-4B56-99DF-8A06F270AEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:automake:branch:1-9:*:*:*:*:*:*",
              "matchCriteriaId": "4D37A8B9-BA44-4543-94C1-E10A4C7F39A3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete."
    },
    {
      "lang": "es",
      "value": "Las reglas (1) dist o (2) distcheck en GNU Automake v1.11.1, v1.10.3, branch-1-4 a branch-1-9, cuando se genera una distribuci\u00f3n mediante fichero .tar de un paquete que usa Automake, asignan permisos inseguros (777) a los directorios en el \u00e1rbol de construcci\u00f3n, lo que introduce una condici\u00f3n de carrera que permite modificar, a los usuarios locales, el contenido de los archivos del paquete, la introducci\u00f3n de troyanos, o llevar a cabo otros ataques antes de que la construcci\u00f3n se haya completado."
    }
  ],
  "id": "CVE-2009-4029",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-20T02:30:00.483",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/3579"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/3579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Red Hat is aware of this issue and is tracking it via the following\nbug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4029\n\nThis issue was addressed in the automake, automake14, automake15, automake16 and automake17 packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0321.html\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.",
      "lastModified": "2010-03-31T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

rhsa-2010:0321

Vulnerability from csaf_redhat

Published

2010-03-29 12:00

Modified

2024-11-22 03:16

Summary

Red Hat Security Advisory: automake security update

Notes

Topic

Updated automake, automake14, automake15, automake16, and automake17 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. Automake-generated Makefiles made certain directories world-writable when preparing source archives, as was recommended by the GNU Coding Standards. If a malicious, local user could access the directory where a victim was creating distribution archives, they could use this flaw to modify the files being added to those archives. Makefiles generated by these updated automake packages no longer make distribution directories world-writable, as recommended by the updated GNU Coding Standards. (CVE-2009-4029) Note: This issue affected Makefile targets used by developers to prepare distribution source archives. Those targets are not used when compiling programs from the source code. All users of automake, automake14, automake15, automake16, and automake17 should upgrade to these updated packages, which resolve this issue.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated automake, automake14, automake15, automake16, and automake17\npackages that fix one security issue are now available for Red Hat\nEnterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Automake is a tool for automatically generating Makefile.in files compliant\nwith the GNU Coding Standards.\n\nAutomake-generated Makefiles made certain directories world-writable when\npreparing source archives, as was recommended by the GNU Coding Standards.\nIf a malicious, local user could access the directory where a victim was\ncreating distribution archives, they could use this flaw to modify the\nfiles being added to those archives. Makefiles generated by these updated\nautomake packages no longer make distribution directories world-writable,\nas recommended by the updated GNU Coding Standards. (CVE-2009-4029)\n\nNote: This issue affected Makefile targets used by developers to prepare\ndistribution source archives. Those targets are not used when compiling\nprograms from the source code.\n\nAll users of automake, automake14, automake15, automake16, and automake17\nshould upgrade to these updated packages, which resolve this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2010:0321",
        "url": "https://access.redhat.com/errata/RHSA-2010:0321"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "http://www.gnu.org/prep/standards/html_node/Releases.html",
        "url": "http://www.gnu.org/prep/standards/html_node/Releases.html"
      },
      {
        "category": "external",
        "summary": "542609",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542609"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0321.json"
      }
    ],
    "title": "Red Hat Security Advisory: automake security update",
    "tracking": {
      "current_release_date": "2024-11-22T03:16:28+00:00",
      "generator": {
        "date": "2024-11-22T03:16:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2010:0321",
      "initial_release_date": "2010-03-29T12:00:00+00:00",
      "revision_history": [
        {
          "date": "2010-03-29T12:00:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2010-03-29T10:44:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T03:16:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
                  "product_id": "5Client-Workstation",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux (v. 5 server)",
                "product": {
                  "name": "Red Hat Enterprise Linux (v. 5 server)",
                  "product_id": "5Server",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:5::server"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "automake14-0:1.4p6-13.el5.1.src",
                "product": {
                  "name": "automake14-0:1.4p6-13.el5.1.src",
                  "product_id": "automake14-0:1.4p6-13.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/automake14@1.4p6-13.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "automake15-0:1.5-16.el5.2.src",
                "product": {
                  "name": "automake15-0:1.5-16.el5.2.src",
                  "product_id": "automake15-0:1.5-16.el5.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/automake15@1.5-16.el5.2?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "automake16-0:1.6.3-8.el5.1.src",
                "product": {
                  "name": "automake16-0:1.6.3-8.el5.1.src",
                  "product_id": "automake16-0:1.6.3-8.el5.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/automake16@1.6.3-8.el5.1?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "automake17-0:1.7.9-7.el5.2.src",
                "product": {
                  "name": "automake17-0:1.7.9-7.el5.2.src",
                  "product_id": "automake17-0:1.7.9-7.el5.2.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/automake17@1.7.9-7.el5.2?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "automake-0:1.9.6-2.3.el5.src",
                "product": {
                  "name": "automake-0:1.9.6-2.3.el5.src",
                  "product_id": "automake-0:1.9.6-2.3.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/automake@1.9.6-2.3.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "automake14-0:1.4p6-13.el5.1.noarch",
                "product": {
                  "name": "automake14-0:1.4p6-13.el5.1.noarch",
                  "product_id": "automake14-0:1.4p6-13.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/automake14@1.4p6-13.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "automake15-0:1.5-16.el5.2.noarch",
                "product": {
                  "name": "automake15-0:1.5-16.el5.2.noarch",
                  "product_id": "automake15-0:1.5-16.el5.2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/automake15@1.5-16.el5.2?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "automake16-0:1.6.3-8.el5.1.noarch",
                "product": {
                  "name": "automake16-0:1.6.3-8.el5.1.noarch",
                  "product_id": "automake16-0:1.6.3-8.el5.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/automake16@1.6.3-8.el5.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "automake17-0:1.7.9-7.el5.2.noarch",
                "product": {
                  "name": "automake17-0:1.7.9-7.el5.2.noarch",
                  "product_id": "automake17-0:1.7.9-7.el5.2.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/automake17@1.7.9-7.el5.2?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "automake-0:1.9.6-2.3.el5.noarch",
                "product": {
                  "name": "automake-0:1.9.6-2.3.el5.noarch",
                  "product_id": "automake-0:1.9.6-2.3.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/automake@1.9.6-2.3.el5?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake-0:1.9.6-2.3.el5.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch"
        },
        "product_reference": "automake-0:1.9.6-2.3.el5.noarch",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake-0:1.9.6-2.3.el5.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:automake-0:1.9.6-2.3.el5.src"
        },
        "product_reference": "automake-0:1.9.6-2.3.el5.src",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake14-0:1.4p6-13.el5.1.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch"
        },
        "product_reference": "automake14-0:1.4p6-13.el5.1.noarch",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake14-0:1.4p6-13.el5.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src"
        },
        "product_reference": "automake14-0:1.4p6-13.el5.1.src",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake15-0:1.5-16.el5.2.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch"
        },
        "product_reference": "automake15-0:1.5-16.el5.2.noarch",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake15-0:1.5-16.el5.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:automake15-0:1.5-16.el5.2.src"
        },
        "product_reference": "automake15-0:1.5-16.el5.2.src",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake16-0:1.6.3-8.el5.1.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch"
        },
        "product_reference": "automake16-0:1.6.3-8.el5.1.noarch",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake16-0:1.6.3-8.el5.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src"
        },
        "product_reference": "automake16-0:1.6.3-8.el5.1.src",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake17-0:1.7.9-7.el5.2.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch"
        },
        "product_reference": "automake17-0:1.7.9-7.el5.2.noarch",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake17-0:1.7.9-7.el5.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
          "product_id": "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src"
        },
        "product_reference": "automake17-0:1.7.9-7.el5.2.src",
        "relates_to_product_reference": "5Client-Workstation"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake-0:1.9.6-2.3.el5.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:automake-0:1.9.6-2.3.el5.noarch"
        },
        "product_reference": "automake-0:1.9.6-2.3.el5.noarch",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake-0:1.9.6-2.3.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:automake-0:1.9.6-2.3.el5.src"
        },
        "product_reference": "automake-0:1.9.6-2.3.el5.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake14-0:1.4p6-13.el5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:automake14-0:1.4p6-13.el5.1.noarch"
        },
        "product_reference": "automake14-0:1.4p6-13.el5.1.noarch",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake14-0:1.4p6-13.el5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:automake14-0:1.4p6-13.el5.1.src"
        },
        "product_reference": "automake14-0:1.4p6-13.el5.1.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake15-0:1.5-16.el5.2.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:automake15-0:1.5-16.el5.2.noarch"
        },
        "product_reference": "automake15-0:1.5-16.el5.2.noarch",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake15-0:1.5-16.el5.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:automake15-0:1.5-16.el5.2.src"
        },
        "product_reference": "automake15-0:1.5-16.el5.2.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake16-0:1.6.3-8.el5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:automake16-0:1.6.3-8.el5.1.noarch"
        },
        "product_reference": "automake16-0:1.6.3-8.el5.1.noarch",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake16-0:1.6.3-8.el5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:automake16-0:1.6.3-8.el5.1.src"
        },
        "product_reference": "automake16-0:1.6.3-8.el5.1.src",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake17-0:1.7.9-7.el5.2.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:automake17-0:1.7.9-7.el5.2.noarch"
        },
        "product_reference": "automake17-0:1.7.9-7.el5.2.noarch",
        "relates_to_product_reference": "5Server"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "automake17-0:1.7.9-7.el5.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
          "product_id": "5Server:automake17-0:1.7.9-7.el5.2.src"
        },
        "product_reference": "automake17-0:1.7.9-7.el5.2.src",
        "relates_to_product_reference": "5Server"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-4029",
      "discovery_date": "2009-11-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "542609"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Automake: Race condition by creation of \"distdir\" based directory hierarchy",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Red Hat Product Security has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch",
          "5Client-Workstation:automake-0:1.9.6-2.3.el5.src",
          "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch",
          "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src",
          "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch",
          "5Client-Workstation:automake15-0:1.5-16.el5.2.src",
          "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch",
          "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src",
          "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch",
          "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src",
          "5Server:automake-0:1.9.6-2.3.el5.noarch",
          "5Server:automake-0:1.9.6-2.3.el5.src",
          "5Server:automake14-0:1.4p6-13.el5.1.noarch",
          "5Server:automake14-0:1.4p6-13.el5.1.src",
          "5Server:automake15-0:1.5-16.el5.2.noarch",
          "5Server:automake15-0:1.5-16.el5.2.src",
          "5Server:automake16-0:1.6.3-8.el5.1.noarch",
          "5Server:automake16-0:1.6.3-8.el5.1.src",
          "5Server:automake17-0:1.7.9-7.el5.2.noarch",
          "5Server:automake17-0:1.7.9-7.el5.2.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-4029"
        },
        {
          "category": "external",
          "summary": "RHBZ#542609",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542609"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-4029"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029"
        }
      ],
      "release_date": "2009-12-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2010-03-29T12:00:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch",
            "5Client-Workstation:automake-0:1.9.6-2.3.el5.src",
            "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch",
            "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src",
            "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch",
            "5Client-Workstation:automake15-0:1.5-16.el5.2.src",
            "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch",
            "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src",
            "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch",
            "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src",
            "5Server:automake-0:1.9.6-2.3.el5.noarch",
            "5Server:automake-0:1.9.6-2.3.el5.src",
            "5Server:automake14-0:1.4p6-13.el5.1.noarch",
            "5Server:automake14-0:1.4p6-13.el5.1.src",
            "5Server:automake15-0:1.5-16.el5.2.noarch",
            "5Server:automake15-0:1.5-16.el5.2.src",
            "5Server:automake16-0:1.6.3-8.el5.1.noarch",
            "5Server:automake16-0:1.6.3-8.el5.1.src",
            "5Server:automake17-0:1.7.9-7.el5.2.noarch",
            "5Server:automake17-0:1.7.9-7.el5.2.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2010:0321"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.7,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch",
            "5Client-Workstation:automake-0:1.9.6-2.3.el5.src",
            "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch",
            "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src",
            "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch",
            "5Client-Workstation:automake15-0:1.5-16.el5.2.src",
            "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch",
            "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src",
            "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch",
            "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src",
            "5Server:automake-0:1.9.6-2.3.el5.noarch",
            "5Server:automake-0:1.9.6-2.3.el5.src",
            "5Server:automake14-0:1.4p6-13.el5.1.noarch",
            "5Server:automake14-0:1.4p6-13.el5.1.src",
            "5Server:automake15-0:1.5-16.el5.2.noarch",
            "5Server:automake15-0:1.5-16.el5.2.src",
            "5Server:automake16-0:1.6.3-8.el5.1.noarch",
            "5Server:automake16-0:1.6.3-8.el5.1.src",
            "5Server:automake17-0:1.7.9-7.el5.2.noarch",
            "5Server:automake17-0:1.7.9-7.el5.2.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Automake: Race condition by creation of \"distdir\" based directory hierarchy"
    }
  ]
}

ghsa-9xh2-rhpf-vx4p

Vulnerability from github

Published

2022-05-02 03:50

Modified

2022-05-02 03:50

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-4029"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-12-20T02:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
  "id": "GHSA-9xh2-rhpf-vx4p",
  "modified": "2022-05-02T03:50:43Z",
  "published": "2022-05-02T03:50:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
    },
    {
      "type": "WEB",
      "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3579"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2009-4029

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2009-4029

Aliases

CVE-2009-4029

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-4029",
    "description": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
    "id": "GSD-2009-4029",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-4029.html",
      "https://access.redhat.com/errata/RHSA-2010:0321",
      "https://linux.oracle.com/cve/CVE-2009-4029.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-4029"
      ],
      "details": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
      "id": "GSD-2009-4029",
      "modified": "2023-12-13T01:19:45.086691Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-4029",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html",
            "refsource": "MISC",
            "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
          },
          {
            "name": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html",
            "refsource": "MISC",
            "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
          },
          {
            "name": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html",
            "refsource": "MISC",
            "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
          },
          {
            "name": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html",
            "refsource": "MISC",
            "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
          },
          {
            "name": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html",
            "refsource": "MISC",
            "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
          },
          {
            "name": "http://savannah.gnu.org/forum/forum.php?forum_id=6077",
            "refsource": "MISC",
            "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
          },
          {
            "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1",
            "refsource": "MISC",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
          },
          {
            "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071",
            "refsource": "MISC",
            "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
          },
          {
            "name": "http://www.securityfocus.com/archive/1/514526/100/0/threaded",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/3579",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/3579"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:automake:branch:1-9:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-4029"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-362"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[automake] 20091208 GNU Automake 1.10.3 released",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
            },
            {
              "name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
            },
            {
              "name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
            },
            {
              "name": "[automake] 20091208 GNU Automake 1.11.1 released",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
            },
            {
              "name": "http://savannah.gnu.org/forum/forum.php?forum_id=6077",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
            },
            {
              "name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs",
              "refsource": "MLIST",
              "tags": [
                "Exploit"
              ],
              "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
            },
            {
              "name": "ADV-2009-3579",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/3579"
            },
            {
              "name": "1021784",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
            },
            {
              "name": "MDVSA-2010:203",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
            },
            {
              "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
            },
            {
              "name": "oval:org.mitre.oval:def:11717",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
            },
            {
              "name": "20101027 rPSA-2010-0071-1 automake",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T19:48Z",
      "publishedDate": "2009-12-20T02:30Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-4029 (GCVE-0-2009-4029)

Vulnerability from cvelistv5

opensuse-su-2024:10293-1

Vulnerability from csaf_opensuse

opensuse-su-2024:10027-1

Vulnerability from csaf_opensuse

fkie_cve-2009-4029

Vulnerability from fkie_nvd

rhsa-2010:0321

Vulnerability from csaf_redhat

ghsa-9xh2-rhpf-vx4p

Vulnerability from github

gsd-2009-4029

Vulnerability from gsd

Tags

Sightings

Nomenclature