Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2009-4029 (GCVE-0-2009-4029)
Vulnerability from cvelistv5 – Published: 2009-12-20 02:00 – Updated: 2024-08-07 06:45
VLAI
EPSS
Summary
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://lists.gnu.org/archive/html/automake/2009-1… | mailing-listx_refsource_MLIST |
| http://lists.gnu.org/archive/html/automake-patche… | mailing-listx_refsource_MLIST |
| http://savannah.gnu.org/forum/forum.php?forum_id=6077 | x_refsource_CONFIRM |
| http://lists.gnu.org/archive/html/automake/2009-1… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/archive/1/514526/100… | mailing-listx_refsource_BUGTRAQ |
| http://lists.gnu.org/archive/html/automake/2009-1… | mailing-listx_refsource_MLIST |
| https://oval.cisecurity.org/repository/search/def… | vdb-entrysignaturex_refsource_OVAL |
| http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071 | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2009/3579 | vdb-entryx_refsource_VUPEN |
| http://lists.gnu.org/archive/html/automake/2009-1… | mailing-listx_refsource_MLIST |
| http://sunsolve.sun.com/search/document.do?assetk… | vendor-advisoryx_refsource_SUNALERT |
Date Public
2009-11-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:45:50.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2010:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
},
{
"name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
},
{
"name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
},
{
"name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
},
{
"name": "20101027 rPSA-2010-0071-1 automake",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
},
{
"name": "[automake] 20091208 GNU Automake 1.11.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
},
{
"name": "oval:org.mitre.oval:def:11717",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
},
{
"name": "ADV-2009-3579",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3579"
},
{
"name": "[automake] 20091208 GNU Automake 1.10.3 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
},
{
"name": "1021784",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-11-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2010:203",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
},
{
"name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
},
{
"name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
},
{
"name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
},
{
"name": "20101027 rPSA-2010-0071-1 automake",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
},
{
"name": "[automake] 20091208 GNU Automake 1.11.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
},
{
"name": "oval:org.mitre.oval:def:11717",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
},
{
"name": "ADV-2009-3579",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3579"
},
{
"name": "[automake] 20091208 GNU Automake 1.10.3 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
},
{
"name": "1021784",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-4029",
"datePublished": "2009-12-20T02:00:00.000Z",
"dateReserved": "2009-11-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:45:50.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2009-4029",
"date": "2026-05-27",
"epss": "0.00716",
"percentile": "0.72612"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2A91930-6A6C-4B56-99DF-8A06F270AEC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnu:automake:branch:1-9:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D37A8B9-BA44-4543-94C1-E10A4C7F39A3\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.\"}, {\"lang\": \"es\", \"value\": \"Las reglas (1) dist o (2) distcheck en GNU Automake v1.11.1, v1.10.3, branch-1-4 a branch-1-9, cuando se genera una distribuci\\u00f3n mediante fichero .tar de un paquete que usa Automake, asignan permisos inseguros (777) a los directorios en el \\u00e1rbol de construcci\\u00f3n, lo que introduce una condici\\u00f3n de carrera que permite modificar, a los usuarios locales, el contenido de los archivos del paquete, la introducci\\u00f3n de troyanos, o llevar a cabo otros ataques antes de que la construcci\\u00f3n se haya completado.\"}]",
"id": "CVE-2009-4029",
"lastModified": "2024-11-21T01:08:46.660",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2009-12-20T02:30:00.483",
"references": "[{\"url\": \"http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://savannah.gnu.org/forum/forum.php?forum_id=6077\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:203\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/archive/1/514526/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3579\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://savannah.gnu.org/forum/forum.php?forum_id=6077\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2010:203\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/514526/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2009/3579\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Red Hat is aware of this issue and is tracking it via the following\\nbug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4029\\n\\nThis issue was addressed in the automake, automake14, automake15, automake16 and automake17 packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0321.html\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.\", \"lastModified\": \"2010-03-31T00:00:00\"}]",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-362\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2009-4029\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-12-20T02:30:00.483\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.\"},{\"lang\":\"es\",\"value\":\"Las reglas (1) dist o (2) distcheck en GNU Automake v1.11.1, v1.10.3, branch-1-4 a branch-1-9, cuando se genera una distribuci\u00f3n mediante fichero .tar de un paquete que usa Automake, asignan permisos inseguros (777) a los directorios en el \u00e1rbol de construcci\u00f3n, lo que introduce una condici\u00f3n de carrera que permite modificar, a los usuarios locales, el contenido de los archivos del paquete, la introducci\u00f3n de troyanos, o llevar a cabo otros ataques antes de que la construcci\u00f3n se haya completado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A91930-6A6C-4B56-99DF-8A06F270AEC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:branch:1-9:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D37A8B9-BA44-4543-94C1-E10A4C7F39A3\"}]}]}],\"references\":[{\"url\":\"http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://savannah.gnu.org/forum/forum.php?forum_id=6077\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:203\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/514526/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3579\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://savannah.gnu.org/forum/forum.php?forum_id=6077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:203\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/514526/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat is aware of this issue and is tracking it via the following\\nbug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4029\\n\\nThis issue was addressed in the automake, automake14, automake15, automake16 and automake17 packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0321.html\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.\",\"lastModified\":\"2010-03-31T00:00:00\"}]}}"
}
}
FKIE_CVE-2009-4029
Vulnerability from fkie_nvd - Published: 2009-12-20 02:30 - Updated: 2026-04-23 00:35
Severity
Summary
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A91930-6A6C-4B56-99DF-8A06F270AEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:branch:1-9:*:*:*:*:*:*",
"matchCriteriaId": "4D37A8B9-BA44-4543-94C1-E10A4C7F39A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete."
},
{
"lang": "es",
"value": "Las reglas (1) dist o (2) distcheck en GNU Automake v1.11.1, v1.10.3, branch-1-4 a branch-1-9, cuando se genera una distribuci\u00f3n mediante fichero .tar de un paquete que usa Automake, asignan permisos inseguros (777) a los directorios en el \u00e1rbol de construcci\u00f3n, lo que introduce una condici\u00f3n de carrera que permite modificar, a los usuarios locales, el contenido de los archivos del paquete, la introducci\u00f3n de troyanos, o llevar a cabo otros ataques antes de que la construcci\u00f3n se haya completado."
}
],
"id": "CVE-2009-4029",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-12-20T02:30:00.483",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
},
{
"source": "secalert@redhat.com",
"url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
},
{
"source": "secalert@redhat.com",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
},
{
"source": "secalert@redhat.com",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2009/3579"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/3579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following\nbug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4029\n\nThis issue was addressed in the automake, automake14, automake15, automake16 and automake17 packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0321.html\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.",
"lastModified": "2010-03-31T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-9XH2-RHPF-VX4P
Vulnerability from github – Published: 2022-05-02 03:50 – Updated: 2022-05-02 03:50
VLAI
Details
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
{
"affected": [],
"aliases": [
"CVE-2009-4029"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-12-20T02:30:00Z",
"severity": "MODERATE"
},
"details": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
"id": "GHSA-9xh2-rhpf-vx4p",
"modified": "2022-05-02T03:50:43Z",
"published": "2022-05-02T03:50:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
},
{
"type": "WEB",
"url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
},
{
"type": "WEB",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
},
{
"type": "WEB",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
},
{
"type": "WEB",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
},
{
"type": "WEB",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
},
{
"type": "WEB",
"url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
},
{
"type": "WEB",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/3579"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2009-4029
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2009-4029",
"description": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
"id": "GSD-2009-4029",
"references": [
"https://www.suse.com/security/cve/CVE-2009-4029.html",
"https://access.redhat.com/errata/RHSA-2010:0321",
"https://linux.oracle.com/cve/CVE-2009-4029.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2009-4029"
],
"details": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
"id": "GSD-2009-4029",
"modified": "2023-12-13T01:19:45.086691Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
},
{
"name": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
},
{
"name": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
},
{
"name": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
},
{
"name": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html",
"refsource": "MISC",
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
},
{
"name": "http://savannah.gnu.org/forum/forum.php?forum_id=6077",
"refsource": "MISC",
"url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1",
"refsource": "MISC",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071",
"refsource": "MISC",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
},
{
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203",
"refsource": "MISC",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
},
{
"name": "http://www.securityfocus.com/archive/1/514526/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
},
{
"name": "http://www.vupen.com/english/advisories/2009/3579",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2009/3579"
},
{
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717",
"refsource": "MISC",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:branch:1-9:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4029"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[automake] 20091208 GNU Automake 1.10.3 released",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html"
},
{
"name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html"
},
{
"name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027",
"refsource": "MLIST",
"tags": [
"Patch"
],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html"
},
{
"name": "[automake] 20091208 GNU Automake 1.11.1 released",
"refsource": "MLIST",
"tags": [],
"url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html"
},
{
"name": "http://savannah.gnu.org/forum/forum.php?forum_id=6077",
"refsource": "CONFIRM",
"tags": [],
"url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077"
},
{
"name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs",
"refsource": "MLIST",
"tags": [
"Exploit"
],
"url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html"
},
{
"name": "ADV-2009-3579",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2009/3579"
},
{
"name": "1021784",
"refsource": "SUNALERT",
"tags": [],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1"
},
{
"name": "MDVSA-2010:203",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071",
"refsource": "CONFIRM",
"tags": [],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071"
},
{
"name": "oval:org.mitre.oval:def:11717",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717"
},
{
"name": "20101027 rPSA-2010-0071-1 automake",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-10T19:48Z",
"publishedDate": "2009-12-20T02:30Z"
}
}
}
OPENSUSE-SU-2024:10027-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
automake-1.15-4.6 on GA media
Severity
Moderate
Notes
Title of the patch: automake-1.15-4.6 on GA media
Description of the patch: These are all security issues fixed in the automake-1.15-4.6 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10027
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:automake-1.15-4.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:automake-1.15-4.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:automake-1.15-4.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:automake-1.15-4.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:m4-1.4.17-5.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:m4-1.4.17-5.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:m4-1.4.17-5.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:m4-1.4.17-5.7.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
7 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2009-4029/ | self |
| https://www.suse.com/security/cve/CVE-2009-4029 | external |
| https://bugzilla.suse.com/559815 | external |
| https://bugzilla.suse.com/770618 | external |
| https://bugzilla.suse.com/786745 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "automake-1.15-4.6 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the automake-1.15-4.6 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10027",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10027-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-4029 page",
"url": "https://www.suse.com/security/cve/CVE-2009-4029/"
}
],
"title": "automake-1.15-4.6 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10027-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "automake-1.15-4.6.aarch64",
"product": {
"name": "automake-1.15-4.6.aarch64",
"product_id": "automake-1.15-4.6.aarch64"
}
},
{
"category": "product_version",
"name": "m4-1.4.17-5.7.aarch64",
"product": {
"name": "m4-1.4.17-5.7.aarch64",
"product_id": "m4-1.4.17-5.7.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "automake-1.15-4.6.ppc64le",
"product": {
"name": "automake-1.15-4.6.ppc64le",
"product_id": "automake-1.15-4.6.ppc64le"
}
},
{
"category": "product_version",
"name": "m4-1.4.17-5.7.ppc64le",
"product": {
"name": "m4-1.4.17-5.7.ppc64le",
"product_id": "m4-1.4.17-5.7.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "automake-1.15-4.6.s390x",
"product": {
"name": "automake-1.15-4.6.s390x",
"product_id": "automake-1.15-4.6.s390x"
}
},
{
"category": "product_version",
"name": "m4-1.4.17-5.7.s390x",
"product": {
"name": "m4-1.4.17-5.7.s390x",
"product_id": "m4-1.4.17-5.7.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "automake-1.15-4.6.x86_64",
"product": {
"name": "automake-1.15-4.6.x86_64",
"product_id": "automake-1.15-4.6.x86_64"
}
},
{
"category": "product_version",
"name": "m4-1.4.17-5.7.x86_64",
"product": {
"name": "m4-1.4.17-5.7.x86_64",
"product_id": "m4-1.4.17-5.7.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-1.15-4.6.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:automake-1.15-4.6.aarch64"
},
"product_reference": "automake-1.15-4.6.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-1.15-4.6.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:automake-1.15-4.6.ppc64le"
},
"product_reference": "automake-1.15-4.6.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-1.15-4.6.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:automake-1.15-4.6.s390x"
},
"product_reference": "automake-1.15-4.6.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-1.15-4.6.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:automake-1.15-4.6.x86_64"
},
"product_reference": "automake-1.15-4.6.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "m4-1.4.17-5.7.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:m4-1.4.17-5.7.aarch64"
},
"product_reference": "m4-1.4.17-5.7.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "m4-1.4.17-5.7.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:m4-1.4.17-5.7.ppc64le"
},
"product_reference": "m4-1.4.17-5.7.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "m4-1.4.17-5.7.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:m4-1.4.17-5.7.s390x"
},
"product_reference": "m4-1.4.17-5.7.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "m4-1.4.17-5.7.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:m4-1.4.17-5.7.x86_64"
},
"product_reference": "m4-1.4.17-5.7.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-4029"
}
],
"notes": [
{
"category": "general",
"text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:automake-1.15-4.6.aarch64",
"openSUSE Tumbleweed:automake-1.15-4.6.ppc64le",
"openSUSE Tumbleweed:automake-1.15-4.6.s390x",
"openSUSE Tumbleweed:automake-1.15-4.6.x86_64",
"openSUSE Tumbleweed:m4-1.4.17-5.7.aarch64",
"openSUSE Tumbleweed:m4-1.4.17-5.7.ppc64le",
"openSUSE Tumbleweed:m4-1.4.17-5.7.s390x",
"openSUSE Tumbleweed:m4-1.4.17-5.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-4029",
"url": "https://www.suse.com/security/cve/CVE-2009-4029"
},
{
"category": "external",
"summary": "SUSE Bug 559815 for CVE-2009-4029",
"url": "https://bugzilla.suse.com/559815"
},
{
"category": "external",
"summary": "SUSE Bug 770618 for CVE-2009-4029",
"url": "https://bugzilla.suse.com/770618"
},
{
"category": "external",
"summary": "SUSE Bug 786745 for CVE-2009-4029",
"url": "https://bugzilla.suse.com/786745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:automake-1.15-4.6.aarch64",
"openSUSE Tumbleweed:automake-1.15-4.6.ppc64le",
"openSUSE Tumbleweed:automake-1.15-4.6.s390x",
"openSUSE Tumbleweed:automake-1.15-4.6.x86_64",
"openSUSE Tumbleweed:m4-1.4.17-5.7.aarch64",
"openSUSE Tumbleweed:m4-1.4.17-5.7.ppc64le",
"openSUSE Tumbleweed:m4-1.4.17-5.7.s390x",
"openSUSE Tumbleweed:m4-1.4.17-5.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-4029"
}
]
}
OPENSUSE-SU-2024:10293-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
cppi-1.18-2.4 on GA media
Severity
Moderate
Notes
Title of the patch: cppi-1.18-2.4 on GA media
Description of the patch: These are all security issues fixed in the cppi-1.18-2.4 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10293
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cppi-1.18-2.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-1.18-2.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-1.18-2.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cppi-1.18-2.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-1.18-2.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-1.18-2.4.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cppi-1.18-2.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cppi-1.18-2.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10293",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10293-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2009-4029 page",
"url": "https://www.suse.com/security/cve/CVE-2009-4029/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2012-3386 page",
"url": "https://www.suse.com/security/cve/CVE-2012-3386/"
}
],
"title": "cppi-1.18-2.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10293-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cppi-1.18-2.4.aarch64",
"product": {
"name": "cppi-1.18-2.4.aarch64",
"product_id": "cppi-1.18-2.4.aarch64"
}
},
{
"category": "product_version",
"name": "cppi-lang-1.18-2.4.aarch64",
"product": {
"name": "cppi-lang-1.18-2.4.aarch64",
"product_id": "cppi-lang-1.18-2.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cppi-1.18-2.4.ppc64le",
"product": {
"name": "cppi-1.18-2.4.ppc64le",
"product_id": "cppi-1.18-2.4.ppc64le"
}
},
{
"category": "product_version",
"name": "cppi-lang-1.18-2.4.ppc64le",
"product": {
"name": "cppi-lang-1.18-2.4.ppc64le",
"product_id": "cppi-lang-1.18-2.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cppi-1.18-2.4.s390x",
"product": {
"name": "cppi-1.18-2.4.s390x",
"product_id": "cppi-1.18-2.4.s390x"
}
},
{
"category": "product_version",
"name": "cppi-lang-1.18-2.4.s390x",
"product": {
"name": "cppi-lang-1.18-2.4.s390x",
"product_id": "cppi-lang-1.18-2.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cppi-1.18-2.4.x86_64",
"product": {
"name": "cppi-1.18-2.4.x86_64",
"product_id": "cppi-1.18-2.4.x86_64"
}
},
{
"category": "product_version",
"name": "cppi-lang-1.18-2.4.x86_64",
"product": {
"name": "cppi-lang-1.18-2.4.x86_64",
"product_id": "cppi-lang-1.18-2.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-1.18-2.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.aarch64"
},
"product_reference": "cppi-1.18-2.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-1.18-2.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le"
},
"product_reference": "cppi-1.18-2.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-1.18-2.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.s390x"
},
"product_reference": "cppi-1.18-2.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-1.18-2.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.x86_64"
},
"product_reference": "cppi-1.18-2.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-lang-1.18-2.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64"
},
"product_reference": "cppi-lang-1.18-2.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-lang-1.18-2.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le"
},
"product_reference": "cppi-lang-1.18-2.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-lang-1.18-2.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x"
},
"product_reference": "cppi-lang-1.18-2.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cppi-lang-1.18-2.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
},
"product_reference": "cppi-lang-1.18-2.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4029",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2009-4029"
}
],
"notes": [
{
"category": "general",
"text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cppi-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-1.18-2.4.x86_64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2009-4029",
"url": "https://www.suse.com/security/cve/CVE-2009-4029"
},
{
"category": "external",
"summary": "SUSE Bug 559815 for CVE-2009-4029",
"url": "https://bugzilla.suse.com/559815"
},
{
"category": "external",
"summary": "SUSE Bug 770618 for CVE-2009-4029",
"url": "https://bugzilla.suse.com/770618"
},
{
"category": "external",
"summary": "SUSE Bug 786745 for CVE-2009-4029",
"url": "https://bugzilla.suse.com/786745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cppi-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-1.18-2.4.x86_64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2009-4029"
},
{
"cve": "CVE-2012-3386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2012-3386"
}
],
"notes": [
{
"category": "general",
"text": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cppi-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-1.18-2.4.x86_64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2012-3386",
"url": "https://www.suse.com/security/cve/CVE-2012-3386"
},
{
"category": "external",
"summary": "SUSE Bug 770618 for CVE-2012-3386",
"url": "https://bugzilla.suse.com/770618"
},
{
"category": "external",
"summary": "SUSE Bug 786745 for CVE-2012-3386",
"url": "https://bugzilla.suse.com/786745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cppi-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-1.18-2.4.x86_64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x",
"openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2012-3386"
}
]
}
RHSA-2010:0321
Vulnerability from csaf_redhat - Published: 2010-03-29 12:00 - Updated: 2026-01-13 22:35Summary
Red Hat Security Advisory: automake security update
Severity
Low
Notes
Topic: Updated automake, automake14, automake15, automake16, and automake17
packages that fix one security issue are now available for Red Hat
Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details: Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.
Automake-generated Makefiles made certain directories world-writable when
preparing source archives, as was recommended by the GNU Coding Standards.
If a malicious, local user could access the directory where a victim was
creating distribution archives, they could use this flaw to modify the
files being added to those archives. Makefiles generated by these updated
automake packages no longer make distribution directories world-writable,
as recommended by the updated GNU Coding Standards. (CVE-2009-4029)
Note: This issue affected Makefile targets used by developers to prepare
distribution source archives. Those targets are not used when compiling
programs from the source code.
All users of automake, automake14, automake15, automake16, and automake17
should upgrade to these updated packages, which resolve this issue.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
3.7 ()
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake-0:1.9.6-2.3.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake14-0:1.4p6-13.el5.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake15-0:1.5-16.el5.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake15-0:1.5-16.el5.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake16-0:1.6.3-8.el5.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake17-0:1.7.9-7.el5.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake-0:1.9.6-2.3.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake-0:1.9.6-2.3.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake14-0:1.4p6-13.el5.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake14-0:1.4p6-13.el5.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake15-0:1.5-16.el5.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake15-0:1.5-16.el5.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake16-0:1.6.3-8.el5.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake16-0:1.6.3-8.el5.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake17-0:1.7.9-7.el5.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake17-0:1.7.9-7.el5.2.src | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated automake, automake14, automake15, automake16, and automake17\npackages that fix one security issue are now available for Red Hat\nEnterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Automake is a tool for automatically generating Makefile.in files compliant\nwith the GNU Coding Standards.\n\nAutomake-generated Makefiles made certain directories world-writable when\npreparing source archives, as was recommended by the GNU Coding Standards.\nIf a malicious, local user could access the directory where a victim was\ncreating distribution archives, they could use this flaw to modify the\nfiles being added to those archives. Makefiles generated by these updated\nautomake packages no longer make distribution directories world-writable,\nas recommended by the updated GNU Coding Standards. (CVE-2009-4029)\n\nNote: This issue affected Makefile targets used by developers to prepare\ndistribution source archives. Those targets are not used when compiling\nprograms from the source code.\n\nAll users of automake, automake14, automake15, automake16, and automake17\nshould upgrade to these updated packages, which resolve this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0321",
"url": "https://access.redhat.com/errata/RHSA-2010:0321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "http://www.gnu.org/prep/standards/html_node/Releases.html",
"url": "http://www.gnu.org/prep/standards/html_node/Releases.html"
},
{
"category": "external",
"summary": "542609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=542609"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0321.json"
}
],
"title": "Red Hat Security Advisory: automake security update",
"tracking": {
"current_release_date": "2026-01-13T22:35:33+00:00",
"generator": {
"date": "2026-01-13T22:35:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2010:0321",
"initial_release_date": "2010-03-29T12:00:00+00:00",
"revision_history": [
{
"date": "2010-03-29T12:00:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-03-29T10:44:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:35:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "automake14-0:1.4p6-13.el5.1.src",
"product": {
"name": "automake14-0:1.4p6-13.el5.1.src",
"product_id": "automake14-0:1.4p6-13.el5.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake14@1.4p6-13.el5.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "automake15-0:1.5-16.el5.2.src",
"product": {
"name": "automake15-0:1.5-16.el5.2.src",
"product_id": "automake15-0:1.5-16.el5.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake15@1.5-16.el5.2?arch=src"
}
}
},
{
"category": "product_version",
"name": "automake16-0:1.6.3-8.el5.1.src",
"product": {
"name": "automake16-0:1.6.3-8.el5.1.src",
"product_id": "automake16-0:1.6.3-8.el5.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake16@1.6.3-8.el5.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "automake17-0:1.7.9-7.el5.2.src",
"product": {
"name": "automake17-0:1.7.9-7.el5.2.src",
"product_id": "automake17-0:1.7.9-7.el5.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake17@1.7.9-7.el5.2?arch=src"
}
}
},
{
"category": "product_version",
"name": "automake-0:1.9.6-2.3.el5.src",
"product": {
"name": "automake-0:1.9.6-2.3.el5.src",
"product_id": "automake-0:1.9.6-2.3.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake@1.9.6-2.3.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "automake14-0:1.4p6-13.el5.1.noarch",
"product": {
"name": "automake14-0:1.4p6-13.el5.1.noarch",
"product_id": "automake14-0:1.4p6-13.el5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake14@1.4p6-13.el5.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automake15-0:1.5-16.el5.2.noarch",
"product": {
"name": "automake15-0:1.5-16.el5.2.noarch",
"product_id": "automake15-0:1.5-16.el5.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake15@1.5-16.el5.2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automake16-0:1.6.3-8.el5.1.noarch",
"product": {
"name": "automake16-0:1.6.3-8.el5.1.noarch",
"product_id": "automake16-0:1.6.3-8.el5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake16@1.6.3-8.el5.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automake17-0:1.7.9-7.el5.2.noarch",
"product": {
"name": "automake17-0:1.7.9-7.el5.2.noarch",
"product_id": "automake17-0:1.7.9-7.el5.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake17@1.7.9-7.el5.2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automake-0:1.9.6-2.3.el5.noarch",
"product": {
"name": "automake-0:1.9.6-2.3.el5.noarch",
"product_id": "automake-0:1.9.6-2.3.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake@1.9.6-2.3.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-2.3.el5.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch"
},
"product_reference": "automake-0:1.9.6-2.3.el5.noarch",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-2.3.el5.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake-0:1.9.6-2.3.el5.src"
},
"product_reference": "automake-0:1.9.6-2.3.el5.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake14-0:1.4p6-13.el5.1.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch"
},
"product_reference": "automake14-0:1.4p6-13.el5.1.noarch",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake14-0:1.4p6-13.el5.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src"
},
"product_reference": "automake14-0:1.4p6-13.el5.1.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake15-0:1.5-16.el5.2.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch"
},
"product_reference": "automake15-0:1.5-16.el5.2.noarch",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake15-0:1.5-16.el5.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake15-0:1.5-16.el5.2.src"
},
"product_reference": "automake15-0:1.5-16.el5.2.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake16-0:1.6.3-8.el5.1.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch"
},
"product_reference": "automake16-0:1.6.3-8.el5.1.noarch",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake16-0:1.6.3-8.el5.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src"
},
"product_reference": "automake16-0:1.6.3-8.el5.1.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake17-0:1.7.9-7.el5.2.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch"
},
"product_reference": "automake17-0:1.7.9-7.el5.2.noarch",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake17-0:1.7.9-7.el5.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src"
},
"product_reference": "automake17-0:1.7.9-7.el5.2.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-2.3.el5.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake-0:1.9.6-2.3.el5.noarch"
},
"product_reference": "automake-0:1.9.6-2.3.el5.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-2.3.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake-0:1.9.6-2.3.el5.src"
},
"product_reference": "automake-0:1.9.6-2.3.el5.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake14-0:1.4p6-13.el5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake14-0:1.4p6-13.el5.1.noarch"
},
"product_reference": "automake14-0:1.4p6-13.el5.1.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake14-0:1.4p6-13.el5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake14-0:1.4p6-13.el5.1.src"
},
"product_reference": "automake14-0:1.4p6-13.el5.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake15-0:1.5-16.el5.2.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake15-0:1.5-16.el5.2.noarch"
},
"product_reference": "automake15-0:1.5-16.el5.2.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake15-0:1.5-16.el5.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake15-0:1.5-16.el5.2.src"
},
"product_reference": "automake15-0:1.5-16.el5.2.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake16-0:1.6.3-8.el5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake16-0:1.6.3-8.el5.1.noarch"
},
"product_reference": "automake16-0:1.6.3-8.el5.1.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake16-0:1.6.3-8.el5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake16-0:1.6.3-8.el5.1.src"
},
"product_reference": "automake16-0:1.6.3-8.el5.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake17-0:1.7.9-7.el5.2.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake17-0:1.7.9-7.el5.2.noarch"
},
"product_reference": "automake17-0:1.7.9-7.el5.2.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake17-0:1.7.9-7.el5.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake17-0:1.7.9-7.el5.2.src"
},
"product_reference": "automake17-0:1.7.9-7.el5.2.src",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4029",
"discovery_date": "2009-11-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "542609"
}
],
"notes": [
{
"category": "description",
"text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Automake: Race condition by creation of \"distdir\" based directory hierarchy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch",
"5Client-Workstation:automake-0:1.9.6-2.3.el5.src",
"5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch",
"5Client-Workstation:automake14-0:1.4p6-13.el5.1.src",
"5Client-Workstation:automake15-0:1.5-16.el5.2.noarch",
"5Client-Workstation:automake15-0:1.5-16.el5.2.src",
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch",
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.src",
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch",
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.src",
"5Server:automake-0:1.9.6-2.3.el5.noarch",
"5Server:automake-0:1.9.6-2.3.el5.src",
"5Server:automake14-0:1.4p6-13.el5.1.noarch",
"5Server:automake14-0:1.4p6-13.el5.1.src",
"5Server:automake15-0:1.5-16.el5.2.noarch",
"5Server:automake15-0:1.5-16.el5.2.src",
"5Server:automake16-0:1.6.3-8.el5.1.noarch",
"5Server:automake16-0:1.6.3-8.el5.1.src",
"5Server:automake17-0:1.7.9-7.el5.2.noarch",
"5Server:automake17-0:1.7.9-7.el5.2.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4029"
},
{
"category": "external",
"summary": "RHBZ#542609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=542609"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029"
}
],
"release_date": "2009-12-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-03-29T12:00:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch",
"5Client-Workstation:automake-0:1.9.6-2.3.el5.src",
"5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch",
"5Client-Workstation:automake14-0:1.4p6-13.el5.1.src",
"5Client-Workstation:automake15-0:1.5-16.el5.2.noarch",
"5Client-Workstation:automake15-0:1.5-16.el5.2.src",
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch",
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.src",
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch",
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.src",
"5Server:automake-0:1.9.6-2.3.el5.noarch",
"5Server:automake-0:1.9.6-2.3.el5.src",
"5Server:automake14-0:1.4p6-13.el5.1.noarch",
"5Server:automake14-0:1.4p6-13.el5.1.src",
"5Server:automake15-0:1.5-16.el5.2.noarch",
"5Server:automake15-0:1.5-16.el5.2.src",
"5Server:automake16-0:1.6.3-8.el5.1.noarch",
"5Server:automake16-0:1.6.3-8.el5.1.src",
"5Server:automake17-0:1.7.9-7.el5.2.noarch",
"5Server:automake17-0:1.7.9-7.el5.2.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0321"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch",
"5Client-Workstation:automake-0:1.9.6-2.3.el5.src",
"5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch",
"5Client-Workstation:automake14-0:1.4p6-13.el5.1.src",
"5Client-Workstation:automake15-0:1.5-16.el5.2.noarch",
"5Client-Workstation:automake15-0:1.5-16.el5.2.src",
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch",
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.src",
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch",
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.src",
"5Server:automake-0:1.9.6-2.3.el5.noarch",
"5Server:automake-0:1.9.6-2.3.el5.src",
"5Server:automake14-0:1.4p6-13.el5.1.noarch",
"5Server:automake14-0:1.4p6-13.el5.1.src",
"5Server:automake15-0:1.5-16.el5.2.noarch",
"5Server:automake15-0:1.5-16.el5.2.src",
"5Server:automake16-0:1.6.3-8.el5.1.noarch",
"5Server:automake16-0:1.6.3-8.el5.1.src",
"5Server:automake17-0:1.7.9-7.el5.2.noarch",
"5Server:automake17-0:1.7.9-7.el5.2.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Automake: Race condition by creation of \"distdir\" based directory hierarchy"
}
]
}
RHSA-2010_0321
Vulnerability from csaf_redhat - Published: 2010-03-29 12:00 - Updated: 2024-11-22 03:16Summary
Red Hat Security Advisory: automake security update
Severity
Low
Notes
Topic: Updated automake, automake14, automake15, automake16, and automake17
packages that fix one security issue are now available for Red Hat
Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details: Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.
Automake-generated Makefiles made certain directories world-writable when
preparing source archives, as was recommended by the GNU Coding Standards.
If a malicious, local user could access the directory where a victim was
creating distribution archives, they could use this flaw to modify the
files being added to those archives. Makefiles generated by these updated
automake packages no longer make distribution directories world-writable,
as recommended by the updated GNU Coding Standards. (CVE-2009-4029)
Note: This issue affected Makefile targets used by developers to prepare
distribution source archives. Those targets are not used when compiling
programs from the source code.
All users of automake, automake14, automake15, automake16, and automake17
should upgrade to these updated packages, which resolve this issue.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
3.7 ()
Affected products
Fixed
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake-0:1.9.6-2.3.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake14-0:1.4p6-13.el5.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake15-0:1.5-16.el5.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake15-0:1.5-16.el5.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake16-0:1.6.3-8.el5.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Client-Workstation:automake17-0:1.7.9-7.el5.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake-0:1.9.6-2.3.el5.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake-0:1.9.6-2.3.el5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake14-0:1.4p6-13.el5.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake14-0:1.4p6-13.el5.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake15-0:1.5-16.el5.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake15-0:1.5-16.el5.2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake16-0:1.6.3-8.el5.1.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake16-0:1.6.3-8.el5.1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake17-0:1.7.9-7.el5.2.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 5Server:automake17-0:1.7.9-7.el5.2.src | — |
Vendor Fix
fix
|
Threats
Impact
Low
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated automake, automake14, automake15, automake16, and automake17\npackages that fix one security issue are now available for Red Hat\nEnterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Automake is a tool for automatically generating Makefile.in files compliant\nwith the GNU Coding Standards.\n\nAutomake-generated Makefiles made certain directories world-writable when\npreparing source archives, as was recommended by the GNU Coding Standards.\nIf a malicious, local user could access the directory where a victim was\ncreating distribution archives, they could use this flaw to modify the\nfiles being added to those archives. Makefiles generated by these updated\nautomake packages no longer make distribution directories world-writable,\nas recommended by the updated GNU Coding Standards. (CVE-2009-4029)\n\nNote: This issue affected Makefile targets used by developers to prepare\ndistribution source archives. Those targets are not used when compiling\nprograms from the source code.\n\nAll users of automake, automake14, automake15, automake16, and automake17\nshould upgrade to these updated packages, which resolve this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0321",
"url": "https://access.redhat.com/errata/RHSA-2010:0321"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "http://www.gnu.org/prep/standards/html_node/Releases.html",
"url": "http://www.gnu.org/prep/standards/html_node/Releases.html"
},
{
"category": "external",
"summary": "542609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=542609"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0321.json"
}
],
"title": "Red Hat Security Advisory: automake security update",
"tracking": {
"current_release_date": "2024-11-22T03:16:28+00:00",
"generator": {
"date": "2024-11-22T03:16:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2010:0321",
"initial_release_date": "2010-03-29T12:00:00+00:00",
"revision_history": [
{
"date": "2010-03-29T12:00:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-03-29T10:44:00+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T03:16:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "automake14-0:1.4p6-13.el5.1.src",
"product": {
"name": "automake14-0:1.4p6-13.el5.1.src",
"product_id": "automake14-0:1.4p6-13.el5.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake14@1.4p6-13.el5.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "automake15-0:1.5-16.el5.2.src",
"product": {
"name": "automake15-0:1.5-16.el5.2.src",
"product_id": "automake15-0:1.5-16.el5.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake15@1.5-16.el5.2?arch=src"
}
}
},
{
"category": "product_version",
"name": "automake16-0:1.6.3-8.el5.1.src",
"product": {
"name": "automake16-0:1.6.3-8.el5.1.src",
"product_id": "automake16-0:1.6.3-8.el5.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake16@1.6.3-8.el5.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "automake17-0:1.7.9-7.el5.2.src",
"product": {
"name": "automake17-0:1.7.9-7.el5.2.src",
"product_id": "automake17-0:1.7.9-7.el5.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake17@1.7.9-7.el5.2?arch=src"
}
}
},
{
"category": "product_version",
"name": "automake-0:1.9.6-2.3.el5.src",
"product": {
"name": "automake-0:1.9.6-2.3.el5.src",
"product_id": "automake-0:1.9.6-2.3.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake@1.9.6-2.3.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "automake14-0:1.4p6-13.el5.1.noarch",
"product": {
"name": "automake14-0:1.4p6-13.el5.1.noarch",
"product_id": "automake14-0:1.4p6-13.el5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake14@1.4p6-13.el5.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automake15-0:1.5-16.el5.2.noarch",
"product": {
"name": "automake15-0:1.5-16.el5.2.noarch",
"product_id": "automake15-0:1.5-16.el5.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake15@1.5-16.el5.2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automake16-0:1.6.3-8.el5.1.noarch",
"product": {
"name": "automake16-0:1.6.3-8.el5.1.noarch",
"product_id": "automake16-0:1.6.3-8.el5.1.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake16@1.6.3-8.el5.1?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automake17-0:1.7.9-7.el5.2.noarch",
"product": {
"name": "automake17-0:1.7.9-7.el5.2.noarch",
"product_id": "automake17-0:1.7.9-7.el5.2.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake17@1.7.9-7.el5.2?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automake-0:1.9.6-2.3.el5.noarch",
"product": {
"name": "automake-0:1.9.6-2.3.el5.noarch",
"product_id": "automake-0:1.9.6-2.3.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automake@1.9.6-2.3.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-2.3.el5.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch"
},
"product_reference": "automake-0:1.9.6-2.3.el5.noarch",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-2.3.el5.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake-0:1.9.6-2.3.el5.src"
},
"product_reference": "automake-0:1.9.6-2.3.el5.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake14-0:1.4p6-13.el5.1.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch"
},
"product_reference": "automake14-0:1.4p6-13.el5.1.noarch",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake14-0:1.4p6-13.el5.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src"
},
"product_reference": "automake14-0:1.4p6-13.el5.1.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake15-0:1.5-16.el5.2.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch"
},
"product_reference": "automake15-0:1.5-16.el5.2.noarch",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake15-0:1.5-16.el5.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake15-0:1.5-16.el5.2.src"
},
"product_reference": "automake15-0:1.5-16.el5.2.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake16-0:1.6.3-8.el5.1.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch"
},
"product_reference": "automake16-0:1.6.3-8.el5.1.noarch",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake16-0:1.6.3-8.el5.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src"
},
"product_reference": "automake16-0:1.6.3-8.el5.1.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake17-0:1.7.9-7.el5.2.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch"
},
"product_reference": "automake17-0:1.7.9-7.el5.2.noarch",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake17-0:1.7.9-7.el5.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src"
},
"product_reference": "automake17-0:1.7.9-7.el5.2.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-2.3.el5.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake-0:1.9.6-2.3.el5.noarch"
},
"product_reference": "automake-0:1.9.6-2.3.el5.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake-0:1.9.6-2.3.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake-0:1.9.6-2.3.el5.src"
},
"product_reference": "automake-0:1.9.6-2.3.el5.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake14-0:1.4p6-13.el5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake14-0:1.4p6-13.el5.1.noarch"
},
"product_reference": "automake14-0:1.4p6-13.el5.1.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake14-0:1.4p6-13.el5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake14-0:1.4p6-13.el5.1.src"
},
"product_reference": "automake14-0:1.4p6-13.el5.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake15-0:1.5-16.el5.2.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake15-0:1.5-16.el5.2.noarch"
},
"product_reference": "automake15-0:1.5-16.el5.2.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake15-0:1.5-16.el5.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake15-0:1.5-16.el5.2.src"
},
"product_reference": "automake15-0:1.5-16.el5.2.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake16-0:1.6.3-8.el5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake16-0:1.6.3-8.el5.1.noarch"
},
"product_reference": "automake16-0:1.6.3-8.el5.1.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake16-0:1.6.3-8.el5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake16-0:1.6.3-8.el5.1.src"
},
"product_reference": "automake16-0:1.6.3-8.el5.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake17-0:1.7.9-7.el5.2.noarch as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake17-0:1.7.9-7.el5.2.noarch"
},
"product_reference": "automake17-0:1.7.9-7.el5.2.noarch",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automake17-0:1.7.9-7.el5.2.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:automake17-0:1.7.9-7.el5.2.src"
},
"product_reference": "automake17-0:1.7.9-7.el5.2.src",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-4029",
"discovery_date": "2009-11-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "542609"
}
],
"notes": [
{
"category": "description",
"text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Automake: Race condition by creation of \"distdir\" based directory hierarchy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch",
"5Client-Workstation:automake-0:1.9.6-2.3.el5.src",
"5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch",
"5Client-Workstation:automake14-0:1.4p6-13.el5.1.src",
"5Client-Workstation:automake15-0:1.5-16.el5.2.noarch",
"5Client-Workstation:automake15-0:1.5-16.el5.2.src",
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch",
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.src",
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch",
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.src",
"5Server:automake-0:1.9.6-2.3.el5.noarch",
"5Server:automake-0:1.9.6-2.3.el5.src",
"5Server:automake14-0:1.4p6-13.el5.1.noarch",
"5Server:automake14-0:1.4p6-13.el5.1.src",
"5Server:automake15-0:1.5-16.el5.2.noarch",
"5Server:automake15-0:1.5-16.el5.2.src",
"5Server:automake16-0:1.6.3-8.el5.1.noarch",
"5Server:automake16-0:1.6.3-8.el5.1.src",
"5Server:automake17-0:1.7.9-7.el5.2.noarch",
"5Server:automake17-0:1.7.9-7.el5.2.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4029"
},
{
"category": "external",
"summary": "RHBZ#542609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=542609"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4029"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029"
}
],
"release_date": "2009-12-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-03-29T12:00:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch",
"5Client-Workstation:automake-0:1.9.6-2.3.el5.src",
"5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch",
"5Client-Workstation:automake14-0:1.4p6-13.el5.1.src",
"5Client-Workstation:automake15-0:1.5-16.el5.2.noarch",
"5Client-Workstation:automake15-0:1.5-16.el5.2.src",
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch",
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.src",
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch",
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.src",
"5Server:automake-0:1.9.6-2.3.el5.noarch",
"5Server:automake-0:1.9.6-2.3.el5.src",
"5Server:automake14-0:1.4p6-13.el5.1.noarch",
"5Server:automake14-0:1.4p6-13.el5.1.src",
"5Server:automake15-0:1.5-16.el5.2.noarch",
"5Server:automake15-0:1.5-16.el5.2.src",
"5Server:automake16-0:1.6.3-8.el5.1.noarch",
"5Server:automake16-0:1.6.3-8.el5.1.src",
"5Server:automake17-0:1.7.9-7.el5.2.noarch",
"5Server:automake17-0:1.7.9-7.el5.2.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0321"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch",
"5Client-Workstation:automake-0:1.9.6-2.3.el5.src",
"5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch",
"5Client-Workstation:automake14-0:1.4p6-13.el5.1.src",
"5Client-Workstation:automake15-0:1.5-16.el5.2.noarch",
"5Client-Workstation:automake15-0:1.5-16.el5.2.src",
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch",
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.src",
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch",
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.src",
"5Server:automake-0:1.9.6-2.3.el5.noarch",
"5Server:automake-0:1.9.6-2.3.el5.src",
"5Server:automake14-0:1.4p6-13.el5.1.noarch",
"5Server:automake14-0:1.4p6-13.el5.1.src",
"5Server:automake15-0:1.5-16.el5.2.noarch",
"5Server:automake15-0:1.5-16.el5.2.src",
"5Server:automake16-0:1.6.3-8.el5.1.noarch",
"5Server:automake16-0:1.6.3-8.el5.1.src",
"5Server:automake17-0:1.7.9-7.el5.2.noarch",
"5Server:automake17-0:1.7.9-7.el5.2.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Automake: Race condition by creation of \"distdir\" based directory hierarchy"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…