
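    4 vulnerabilities found for automake by gnu (two distinct CVE IDs, CVE-2012-3386 and CVE-2009-4029, each listed once from the nvd source and once from the cvelistv5 source)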

    CVE-2012-3386 (GCVE-0-2012-3386)

    Vulnerability from nvd – Published: 2012-08-07 21:00 – Updated: 2024-08-06 20:05
    Summary
    The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-07-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2012-14770",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
              },
              {
                "name": "MDVSA-2012:103",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
              },
              {
                "name": "openSUSE-SU-2012:1519",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
              },
              {
                "name": "FEDORA-2012-14349",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
              },
              {
                "name": "RHSA-2013:0526",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
              },
              {
                "name": "[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
              },
              {
                "name": "[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
              },
              {
                "name": "[automake] 20120709 CVE-2012-3386 Automake security fix for \u0027make distcheck\u0027",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
              },
              {
                "name": "FEDORA-2012-14297",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-12-19T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2012-14770",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
            },
            {
              "name": "MDVSA-2012:103",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
            },
            {
              "name": "openSUSE-SU-2012:1519",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
            },
            {
              "name": "FEDORA-2012-14349",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
            },
            {
              "name": "RHSA-2013:0526",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
            },
            {
              "name": "[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
            },
            {
              "name": "[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
            },
            {
              "name": "[automake] 20120709 CVE-2012-3386 Automake security fix for \u0027make distcheck\u0027",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
            },
            {
              "name": "FEDORA-2012-14297",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3386",
        "datePublished": "2012-08-07T21:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4029 (GCVE-0-2009-4029)

    Vulnerability from nvd – Published: 2009-12-20 02:00 – Updated: 2024-08-07 06:45
    Summary
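    The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. Note: this record's references include the "GNU Automake 1.11.1 released" and "GNU Automake 1.10.3 released" announcements, dated the same day (2009-12-08) as the "CVE-2009-4029 Automake security fix" announcement, and the structured "affected" field carries only "n/a"; check those announcements before treating 1.11.1 and 1.10.3 as affected versions.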
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2009-11-28 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:45:50.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2010:203",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
              },
              {
                "name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
              },
              {
                "name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
              },
              {
                "name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
              },
              {
                "name": "20101027 rPSA-2010-0071-1 automake",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
              },
              {
                "name": "[automake] 20091208 GNU Automake 1.11.1 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
              },
              {
                "name": "oval:org.mitre.oval:def:11717",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
              },
              {
                "name": "ADV-2009-3579",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3579"
              },
              {
                "name": "[automake] 20091208 GNU Automake 1.10.3 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
              },
              {
                "name": "1021784",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-11-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "MDVSA-2010:203",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
            },
            {
              "name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
            },
            {
              "name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
            },
            {
              "name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
            },
            {
              "name": "20101027 rPSA-2010-0071-1 automake",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
            },
            {
              "name": "[automake] 20091208 GNU Automake 1.11.1 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11717",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
            },
            {
              "name": "ADV-2009-3579",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3579"
            },
            {
              "name": "[automake] 20091208 GNU Automake 1.10.3 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
            },
            {
              "name": "1021784",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2009-4029",
        "datePublished": "2009-12-20T02:00:00.000Z",
        "dateReserved": "2009-11-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:45:50.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3386 (GCVE-0-2012-3386)

    Vulnerability from cvelistv5 – Published: 2012-08-07 21:00 – Updated: 2024-08-06 20:05
    Summary
    The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-07-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2012-14770",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
              },
              {
                "name": "MDVSA-2012:103",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
              },
              {
                "name": "openSUSE-SU-2012:1519",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
              },
              {
                "name": "FEDORA-2012-14349",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
              },
              {
                "name": "RHSA-2013:0526",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
              },
              {
                "name": "[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
              },
              {
                "name": "[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
              },
              {
                "name": "[automake] 20120709 CVE-2012-3386 Automake security fix for \u0027make distcheck\u0027",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
              },
              {
                "name": "FEDORA-2012-14297",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-07-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-12-19T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2012-14770",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
            },
            {
              "name": "MDVSA-2012:103",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
            },
            {
              "name": "openSUSE-SU-2012:1519",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
            },
            {
              "name": "FEDORA-2012-14349",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
            },
            {
              "name": "RHSA-2013:0526",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
            },
            {
              "name": "[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
            },
            {
              "name": "[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
            },
            {
              "name": "[automake] 20120709 CVE-2012-3386 Automake security fix for \u0027make distcheck\u0027",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
            },
            {
              "name": "FEDORA-2012-14297",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3386",
        "datePublished": "2012-08-07T21:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-4029 (GCVE-0-2009-4029)

    Vulnerability from cvelistv5 – Published: 2009-12-20 02:00 – Updated: 2024-08-07 06:45
    Summary
    The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2009-11-28 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T06:45:50.920Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2010:203",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
              },
              {
                "name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
              },
              {
                "name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
              },
              {
                "name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
              },
              {
                "name": "20101027 rPSA-2010-0071-1 automake",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
              },
              {
                "name": "[automake] 20091208 GNU Automake 1.11.1 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
              },
              {
                "name": "oval:org.mitre.oval:def:11717",
                "tags": [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
                  "x_transferred"
                ],
                "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
              },
              {
                "name": "ADV-2009-3579",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2009/3579"
              },
              {
                "name": "[automake] 20091208 GNU Automake 1.10.3 released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
              },
              {
                "name": "1021784",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUNALERT",
                  "x_transferred"
                ],
                "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2009-11-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-10T18:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "MDVSA-2010:203",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
            },
            {
              "name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
            },
            {
              "name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
            },
            {
              "name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
            },
            {
              "name": "20101027 rPSA-2010-0071-1 automake",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
            },
            {
              "name": "[automake] 20091208 GNU Automake 1.11.1 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11717",
              "tags": [
                "vdb-entry",
                "signature",
                "x_refsource_OVAL"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
            },
            {
              "name": "ADV-2009-3579",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/3579"
            },
            {
              "name": "[automake] 20091208 GNU Automake 1.10.3 released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
            },
            {
              "name": "1021784",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUNALERT"
              ],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2009-4029",
        "datePublished": "2009-12-20T02:00:00.000Z",
        "dateReserved": "2009-11-20T00:00:00.000Z",
        "dateUpdated": "2024-08-07T06:45:50.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }