CVE-2009-4029 (GCVE-0-2009-4029)
Vulnerability from cvelistv5
Published
2009-12-20 02:00
Modified
2024-08-07 06:45
CWE
- n/a
Summary
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:45:50.920Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2010:203", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203" }, { "name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html" }, { "name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077" }, { "name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html" }, { "name": "20101027 rPSA-2010-0071-1 automake", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded" }, { "name": "[automake] 20091208 GNU Automake 1.11.1 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html" }, { "name": "oval:org.mitre.oval:def:11717", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071" }, { "name": "ADV-2009-3579", "tags": [ 
"vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3579" }, { "name": "[automake] 20091208 GNU Automake 1.10.3 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html" }, { "name": "1021784", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-11-28T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "MDVSA-2010:203", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203" }, { "name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html" }, { "name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077" }, { "name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html" }, { "name": "20101027 rPSA-2010-0071-1 automake", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded" }, { "name": "[automake] 20091208 GNU Automake 1.11.1 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html" }, { "name": "oval:org.mitre.oval:def:11717", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071" }, { "name": "ADV-2009-3579", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2009/3579" }, { "name": "[automake] 20091208 GNU Automake 1.10.3 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html" }, { "name": "1021784", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-4029", "datePublished": "2009-12-20T02:00:00", "dateReserved": "2009-11-20T00:00:00", "dateUpdated": "2024-08-07T06:45:50.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2009-4029\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-12-20T02:30:00.483\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.\"},{\"lang\":\"es\",\"value\":\"Las reglas (1) dist o (2) distcheck en GNU Automake v1.11.1, v1.10.3, branch-1-4 a branch-1-9, cuando se genera una distribuci\u00f3n mediante fichero .tar de un paquete que usa Automake, asignan permisos inseguros (777) a los directorios en el \u00e1rbol de construcci\u00f3n, lo que introduce una condici\u00f3n de carrera que permite modificar, a los usuarios locales, el contenido de los archivos del paquete, la introducci\u00f3n de troyanos, o llevar a cabo otros ataques antes de que la 
construcci\u00f3n se haya completado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2A91930-6A6C-4B56-99DF-8A06F270AEC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:automake:branch:1-9:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D37A8B9-BA44-4543-94C1-E10A4C7F39A3\"}]}]}],\"references\":[{\"url\":\"http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://savannah.gnu.org/forum/forum.php?forum_id=6077\",\"sou
rce\":\"secalert@redhat.com\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:203\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/514526/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3579\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://savannah.gnu.org/forum/forum.php?forum_id=6077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:203\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/514526/100/0/threaded\",
\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat is aware of this issue and is tracking it via the following\\nbug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4029\\n\\nThis issue was addressed in the automake, automake14, automake15, automake16 and automake17 packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0321.html\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.\",\"lastModified\":\"2010-03-31T00:00:00\"}]}}" } }
ghsa-9xh2-rhpf-vx4p
Vulnerability from github
Published
2022-05-02 03:50
Modified
2022-05-02 03:50
Details
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
{ "affected": [], "aliases": [ "CVE-2009-4029" ], "database_specific": { "cwe_ids": [ "CWE-362" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2009-12-20T02:30:00Z", "severity": "MODERATE" }, "details": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.", "id": "GHSA-9xh2-rhpf-vx4p", "modified": "2022-05-02T03:50:43Z", "published": "2022-05-02T03:50:43Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717" }, { "type": "WEB", "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html" }, { "type": "WEB", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html" }, { "type": "WEB", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html" }, { "type": "WEB", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html" }, { "type": "WEB", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html" }, { "type": "WEB", "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077" }, { "type": "WEB", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1" }, { "type": "WEB", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded" }, { "type": "WEB", "url": 
"http://www.vupen.com/english/advisories/2009/3579" } ], "schema_version": "1.4.0", "severity": [] }
opensuse-su-2024:10027-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
automake-1.15-4.6 on GA media
Notes
Title of the patch
automake-1.15-4.6 on GA media
Description of the patch
These are all security issues fixed in the automake-1.15-4.6 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10027
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "automake-1.15-4.6 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the automake-1.15-4.6 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10027", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10027-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2009-4029 page", "url": "https://www.suse.com/security/cve/CVE-2009-4029/" } ], "title": "automake-1.15-4.6 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10027-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { 
"branches": [ { "branches": [ { "category": "product_version", "name": "automake-1.15-4.6.aarch64", "product": { "name": "automake-1.15-4.6.aarch64", "product_id": "automake-1.15-4.6.aarch64" } }, { "category": "product_version", "name": "m4-1.4.17-5.7.aarch64", "product": { "name": "m4-1.4.17-5.7.aarch64", "product_id": "m4-1.4.17-5.7.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "automake-1.15-4.6.ppc64le", "product": { "name": "automake-1.15-4.6.ppc64le", "product_id": "automake-1.15-4.6.ppc64le" } }, { "category": "product_version", "name": "m4-1.4.17-5.7.ppc64le", "product": { "name": "m4-1.4.17-5.7.ppc64le", "product_id": "m4-1.4.17-5.7.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "automake-1.15-4.6.s390x", "product": { "name": "automake-1.15-4.6.s390x", "product_id": "automake-1.15-4.6.s390x" } }, { "category": "product_version", "name": "m4-1.4.17-5.7.s390x", "product": { "name": "m4-1.4.17-5.7.s390x", "product_id": "m4-1.4.17-5.7.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "automake-1.15-4.6.x86_64", "product": { "name": "automake-1.15-4.6.x86_64", "product_id": "automake-1.15-4.6.x86_64" } }, { "category": "product_version", "name": "m4-1.4.17-5.7.x86_64", "product": { "name": "m4-1.4.17-5.7.x86_64", "product_id": "m4-1.4.17-5.7.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": 
"automake-1.15-4.6.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:automake-1.15-4.6.aarch64" }, "product_reference": "automake-1.15-4.6.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "automake-1.15-4.6.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:automake-1.15-4.6.ppc64le" }, "product_reference": "automake-1.15-4.6.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "automake-1.15-4.6.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:automake-1.15-4.6.s390x" }, "product_reference": "automake-1.15-4.6.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "automake-1.15-4.6.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:automake-1.15-4.6.x86_64" }, "product_reference": "automake-1.15-4.6.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "m4-1.4.17-5.7.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:m4-1.4.17-5.7.aarch64" }, "product_reference": "m4-1.4.17-5.7.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "m4-1.4.17-5.7.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:m4-1.4.17-5.7.ppc64le" }, "product_reference": "m4-1.4.17-5.7.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "m4-1.4.17-5.7.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:m4-1.4.17-5.7.s390x" }, "product_reference": "m4-1.4.17-5.7.s390x", "relates_to_product_reference": 
"openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "m4-1.4.17-5.7.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:m4-1.4.17-5.7.x86_64" }, "product_reference": "m4-1.4.17-5.7.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-4029", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2009-4029" } ], "notes": [ { "category": "general", "text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:automake-1.15-4.6.aarch64", "openSUSE Tumbleweed:automake-1.15-4.6.ppc64le", "openSUSE Tumbleweed:automake-1.15-4.6.s390x", "openSUSE Tumbleweed:automake-1.15-4.6.x86_64", "openSUSE Tumbleweed:m4-1.4.17-5.7.aarch64", "openSUSE Tumbleweed:m4-1.4.17-5.7.ppc64le", "openSUSE Tumbleweed:m4-1.4.17-5.7.s390x", "openSUSE Tumbleweed:m4-1.4.17-5.7.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2009-4029", "url": "https://www.suse.com/security/cve/CVE-2009-4029" }, { "category": "external", "summary": "SUSE Bug 559815 for CVE-2009-4029", "url": "https://bugzilla.suse.com/559815" }, { "category": "external", "summary": "SUSE Bug 770618 for CVE-2009-4029", "url": "https://bugzilla.suse.com/770618" }, { "category": "external", "summary": "SUSE Bug 786745 for CVE-2009-4029", "url": "https://bugzilla.suse.com/786745" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use 
the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:automake-1.15-4.6.aarch64", "openSUSE Tumbleweed:automake-1.15-4.6.ppc64le", "openSUSE Tumbleweed:automake-1.15-4.6.s390x", "openSUSE Tumbleweed:automake-1.15-4.6.x86_64", "openSUSE Tumbleweed:m4-1.4.17-5.7.aarch64", "openSUSE Tumbleweed:m4-1.4.17-5.7.ppc64le", "openSUSE Tumbleweed:m4-1.4.17-5.7.s390x", "openSUSE Tumbleweed:m4-1.4.17-5.7.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2009-4029" } ] }
opensuse-su-2024:10293-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
cppi-1.18-2.4 on GA media
Notes
Title of the patch
cppi-1.18-2.4 on GA media
Description of the patch
These are all security issues fixed in the cppi-1.18-2.4 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10293
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "cppi-1.18-2.4 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the cppi-1.18-2.4 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10293", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10293-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2009-4029 page", "url": "https://www.suse.com/security/cve/CVE-2009-4029/" }, { "category": "self", "summary": "SUSE CVE CVE-2012-3386 page", "url": "https://www.suse.com/security/cve/CVE-2012-3386/" } ], "title": "cppi-1.18-2.4 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10293-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", 
"summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "cppi-1.18-2.4.aarch64", "product": { "name": "cppi-1.18-2.4.aarch64", "product_id": "cppi-1.18-2.4.aarch64" } }, { "category": "product_version", "name": "cppi-lang-1.18-2.4.aarch64", "product": { "name": "cppi-lang-1.18-2.4.aarch64", "product_id": "cppi-lang-1.18-2.4.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "cppi-1.18-2.4.ppc64le", "product": { "name": "cppi-1.18-2.4.ppc64le", "product_id": "cppi-1.18-2.4.ppc64le" } }, { "category": "product_version", "name": "cppi-lang-1.18-2.4.ppc64le", "product": { "name": "cppi-lang-1.18-2.4.ppc64le", "product_id": "cppi-lang-1.18-2.4.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "cppi-1.18-2.4.s390x", "product": { "name": "cppi-1.18-2.4.s390x", "product_id": "cppi-1.18-2.4.s390x" } }, { "category": "product_version", "name": "cppi-lang-1.18-2.4.s390x", "product": { "name": "cppi-lang-1.18-2.4.s390x", "product_id": "cppi-lang-1.18-2.4.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "cppi-1.18-2.4.x86_64", "product": { "name": "cppi-1.18-2.4.x86_64", "product_id": "cppi-1.18-2.4.x86_64" } }, { "category": "product_version", "name": "cppi-lang-1.18-2.4.x86_64", "product": { "name": "cppi-lang-1.18-2.4.x86_64", "product_id": "cppi-lang-1.18-2.4.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", 
"name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cppi-1.18-2.4.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.aarch64" }, "product_reference": "cppi-1.18-2.4.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "cppi-1.18-2.4.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le" }, "product_reference": "cppi-1.18-2.4.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "cppi-1.18-2.4.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.s390x" }, "product_reference": "cppi-1.18-2.4.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "cppi-1.18-2.4.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:cppi-1.18-2.4.x86_64" }, "product_reference": "cppi-1.18-2.4.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "cppi-lang-1.18-2.4.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64" }, "product_reference": "cppi-lang-1.18-2.4.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "cppi-lang-1.18-2.4.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le" }, "product_reference": "cppi-lang-1.18-2.4.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "cppi-lang-1.18-2.4.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE 
Tumbleweed:cppi-lang-1.18-2.4.s390x" }, "product_reference": "cppi-lang-1.18-2.4.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "cppi-lang-1.18-2.4.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64" }, "product_reference": "cppi-lang-1.18-2.4.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-4029", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2009-4029" } ], "notes": [ { "category": "general", "text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:cppi-1.18-2.4.aarch64", "openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le", "openSUSE Tumbleweed:cppi-1.18-2.4.s390x", "openSUSE Tumbleweed:cppi-1.18-2.4.x86_64", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2009-4029", "url": "https://www.suse.com/security/cve/CVE-2009-4029" }, { "category": "external", "summary": "SUSE Bug 559815 for CVE-2009-4029", "url": "https://bugzilla.suse.com/559815" }, { "category": "external", "summary": "SUSE Bug 770618 for CVE-2009-4029", "url": "https://bugzilla.suse.com/770618" }, { "category": "external", "summary": "SUSE Bug 786745 for CVE-2009-4029", "url": 
"https://bugzilla.suse.com/786745" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:cppi-1.18-2.4.aarch64", "openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le", "openSUSE Tumbleweed:cppi-1.18-2.4.s390x", "openSUSE Tumbleweed:cppi-1.18-2.4.x86_64", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2009-4029" }, { "cve": "CVE-2012-3386", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2012-3386" } ], "notes": [ { "category": "general", "text": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:cppi-1.18-2.4.aarch64", "openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le", "openSUSE Tumbleweed:cppi-1.18-2.4.s390x", "openSUSE Tumbleweed:cppi-1.18-2.4.x86_64", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2012-3386", "url": "https://www.suse.com/security/cve/CVE-2012-3386" }, { "category": "external", "summary": "SUSE Bug 770618 for CVE-2012-3386", "url": "https://bugzilla.suse.com/770618" }, { "category": "external", "summary": "SUSE Bug 786745 for CVE-2012-3386", "url": "https://bugzilla.suse.com/786745" } 
], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:cppi-1.18-2.4.aarch64", "openSUSE Tumbleweed:cppi-1.18-2.4.ppc64le", "openSUSE Tumbleweed:cppi-1.18-2.4.s390x", "openSUSE Tumbleweed:cppi-1.18-2.4.x86_64", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.aarch64", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.ppc64le", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.s390x", "openSUSE Tumbleweed:cppi-lang-1.18-2.4.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2012-3386" } ] }
RHSA-2010:0321
Vulnerability from csaf_redhat
Published
2010-03-29 12:00
Modified
2025-09-10 13:47
Summary
Red Hat Security Advisory: automake security update
Notes
Topic
Updated automake, automake14, automake15, automake16, and automake17 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
Details
Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards.
Automake-generated Makefiles made certain directories world-writable when preparing source archives, as was recommended by the GNU Coding Standards. If a malicious, local user could access the directory where a victim was creating distribution archives, they could use this flaw to modify the files being added to those archives. Makefiles generated by these updated automake packages no longer make distribution directories world-writable, as recommended by the updated GNU Coding Standards. (CVE-2009-4029)
Note: This issue affected Makefile targets used by developers to prepare distribution source archives. Those targets are not used when compiling programs from the source code.
All users of automake, automake14, automake15, automake16, and automake17 should upgrade to these updated packages, which resolve this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated automake, automake14, automake15, automake16, and automake17\npackages that fix one security issue are now available for Red Hat\nEnterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", "title": "Topic" }, { "category": "general", "text": "Automake is a tool for automatically generating Makefile.in files compliant\nwith the GNU Coding Standards.\n\nAutomake-generated Makefiles made certain directories world-writable when\npreparing source archives, as was recommended by the GNU Coding Standards.\nIf a malicious, local user could access the directory where a victim was\ncreating distribution archives, they could use this flaw to modify the\nfiles being added to those archives. Makefiles generated by these updated\nautomake packages no longer make distribution directories world-writable,\nas recommended by the updated GNU Coding Standards. (CVE-2009-4029)\n\nNote: This issue affected Makefile targets used by developers to prepare\ndistribution source archives. 
Those targets are not used when compiling\nprograms from the source code.\n\nAll users of automake, automake14, automake15, automake16, and automake17\nshould upgrade to these updated packages, which resolve this issue.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0321", "url": "https://access.redhat.com/errata/RHSA-2010:0321" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "http://www.gnu.org/prep/standards/html_node/Releases.html", "url": "http://www.gnu.org/prep/standards/html_node/Releases.html" }, { "category": "external", "summary": "542609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542609" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0321.json" } ], "title": "Red Hat Security Advisory: automake security update", "tracking": { "current_release_date": "2025-09-10T13:47:19+00:00", "generator": { "date": "2025-09-10T13:47:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.7" } }, "id": "RHSA-2010:0321", "initial_release_date": 
"2010-03-29T12:00:00+00:00", "revision_history": [ { "date": "2010-03-29T12:00:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-03-29T10:44:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-09-10T13:47:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "automake14-0:1.4p6-13.el5.1.src", "product": { "name": "automake14-0:1.4p6-13.el5.1.src", "product_id": "automake14-0:1.4p6-13.el5.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake14@1.4p6-13.el5.1?arch=src" } } }, { "category": "product_version", "name": "automake15-0:1.5-16.el5.2.src", "product": { "name": "automake15-0:1.5-16.el5.2.src", "product_id": "automake15-0:1.5-16.el5.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake15@1.5-16.el5.2?arch=src" } } }, { "category": "product_version", "name": "automake16-0:1.6.3-8.el5.1.src", "product": { "name": "automake16-0:1.6.3-8.el5.1.src", "product_id": "automake16-0:1.6.3-8.el5.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake16@1.6.3-8.el5.1?arch=src" } } }, { "category": "product_version", "name": 
"automake17-0:1.7.9-7.el5.2.src", "product": { "name": "automake17-0:1.7.9-7.el5.2.src", "product_id": "automake17-0:1.7.9-7.el5.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake17@1.7.9-7.el5.2?arch=src" } } }, { "category": "product_version", "name": "automake-0:1.9.6-2.3.el5.src", "product": { "name": "automake-0:1.9.6-2.3.el5.src", "product_id": "automake-0:1.9.6-2.3.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake@1.9.6-2.3.el5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "automake14-0:1.4p6-13.el5.1.noarch", "product": { "name": "automake14-0:1.4p6-13.el5.1.noarch", "product_id": "automake14-0:1.4p6-13.el5.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake14@1.4p6-13.el5.1?arch=noarch" } } }, { "category": "product_version", "name": "automake15-0:1.5-16.el5.2.noarch", "product": { "name": "automake15-0:1.5-16.el5.2.noarch", "product_id": "automake15-0:1.5-16.el5.2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake15@1.5-16.el5.2?arch=noarch" } } }, { "category": "product_version", "name": "automake16-0:1.6.3-8.el5.1.noarch", "product": { "name": "automake16-0:1.6.3-8.el5.1.noarch", "product_id": "automake16-0:1.6.3-8.el5.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake16@1.6.3-8.el5.1?arch=noarch" } } }, { "category": "product_version", "name": "automake17-0:1.7.9-7.el5.2.noarch", "product": { "name": "automake17-0:1.7.9-7.el5.2.noarch", "product_id": "automake17-0:1.7.9-7.el5.2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake17@1.7.9-7.el5.2?arch=noarch" } } }, { "category": "product_version", "name": "automake-0:1.9.6-2.3.el5.noarch", "product": { "name": "automake-0:1.9.6-2.3.el5.noarch", "product_id": "automake-0:1.9.6-2.3.el5.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/automake@1.9.6-2.3.el5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "automake-0:1.9.6-2.3.el5.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch" }, "product_reference": "automake-0:1.9.6-2.3.el5.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake-0:1.9.6-2.3.el5.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake-0:1.9.6-2.3.el5.src" }, "product_reference": "automake-0:1.9.6-2.3.el5.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake14-0:1.4p6-13.el5.1.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch" }, "product_reference": "automake14-0:1.4p6-13.el5.1.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake14-0:1.4p6-13.el5.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src" }, "product_reference": "automake14-0:1.4p6-13.el5.1.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake15-0:1.5-16.el5.2.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 
5 client)", "product_id": "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch" }, "product_reference": "automake15-0:1.5-16.el5.2.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake15-0:1.5-16.el5.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake15-0:1.5-16.el5.2.src" }, "product_reference": "automake15-0:1.5-16.el5.2.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake16-0:1.6.3-8.el5.1.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch" }, "product_reference": "automake16-0:1.6.3-8.el5.1.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake16-0:1.6.3-8.el5.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src" }, "product_reference": "automake16-0:1.6.3-8.el5.1.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake17-0:1.7.9-7.el5.2.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch" }, "product_reference": "automake17-0:1.7.9-7.el5.2.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake17-0:1.7.9-7.el5.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 
5 client)", "product_id": "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src" }, "product_reference": "automake17-0:1.7.9-7.el5.2.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake-0:1.9.6-2.3.el5.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake-0:1.9.6-2.3.el5.noarch" }, "product_reference": "automake-0:1.9.6-2.3.el5.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake-0:1.9.6-2.3.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake-0:1.9.6-2.3.el5.src" }, "product_reference": "automake-0:1.9.6-2.3.el5.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake14-0:1.4p6-13.el5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake14-0:1.4p6-13.el5.1.noarch" }, "product_reference": "automake14-0:1.4p6-13.el5.1.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake14-0:1.4p6-13.el5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake14-0:1.4p6-13.el5.1.src" }, "product_reference": "automake14-0:1.4p6-13.el5.1.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake15-0:1.5-16.el5.2.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake15-0:1.5-16.el5.2.noarch" }, "product_reference": "automake15-0:1.5-16.el5.2.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake15-0:1.5-16.el5.2.src as a component of Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server:automake15-0:1.5-16.el5.2.src" }, "product_reference": "automake15-0:1.5-16.el5.2.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake16-0:1.6.3-8.el5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake16-0:1.6.3-8.el5.1.noarch" }, "product_reference": "automake16-0:1.6.3-8.el5.1.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake16-0:1.6.3-8.el5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake16-0:1.6.3-8.el5.1.src" }, "product_reference": "automake16-0:1.6.3-8.el5.1.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake17-0:1.7.9-7.el5.2.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake17-0:1.7.9-7.el5.2.noarch" }, "product_reference": "automake17-0:1.7.9-7.el5.2.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake17-0:1.7.9-7.el5.2.src as a component of Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server:automake17-0:1.7.9-7.el5.2.src" }, "product_reference": "automake17-0:1.7.9-7.el5.2.src", "relates_to_product_reference": "5Server" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-4029", "discovery_date": "2009-11-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "542609" } ], "notes": [ { "category": "description", "text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.", "title": "Vulnerability description" }, { "category": "summary", "text": "Automake: Race condition by creation of \"distdir\" based directory hierarchy", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Product Security has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch", "5Client-Workstation:automake-0:1.9.6-2.3.el5.src", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src", "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch", "5Client-Workstation:automake15-0:1.5-16.el5.2.src", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch", 
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.src", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src", "5Server:automake-0:1.9.6-2.3.el5.noarch", "5Server:automake-0:1.9.6-2.3.el5.src", "5Server:automake14-0:1.4p6-13.el5.1.noarch", "5Server:automake14-0:1.4p6-13.el5.1.src", "5Server:automake15-0:1.5-16.el5.2.noarch", "5Server:automake15-0:1.5-16.el5.2.src", "5Server:automake16-0:1.6.3-8.el5.1.noarch", "5Server:automake16-0:1.6.3-8.el5.1.src", "5Server:automake17-0:1.7.9-7.el5.2.noarch", "5Server:automake17-0:1.7.9-7.el5.2.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-4029" }, { "category": "external", "summary": "RHBZ#542609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4029", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4029" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029" } ], "release_date": "2009-12-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-29T12:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch", "5Client-Workstation:automake-0:1.9.6-2.3.el5.src", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src", "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch", "5Client-Workstation:automake15-0:1.5-16.el5.2.src", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src", "5Server:automake-0:1.9.6-2.3.el5.noarch", "5Server:automake-0:1.9.6-2.3.el5.src", "5Server:automake14-0:1.4p6-13.el5.1.noarch", "5Server:automake14-0:1.4p6-13.el5.1.src", "5Server:automake15-0:1.5-16.el5.2.noarch", "5Server:automake15-0:1.5-16.el5.2.src", "5Server:automake16-0:1.6.3-8.el5.1.noarch", "5Server:automake16-0:1.6.3-8.el5.1.src", "5Server:automake17-0:1.7.9-7.el5.2.noarch", "5Server:automake17-0:1.7.9-7.el5.2.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0321" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch", "5Client-Workstation:automake-0:1.9.6-2.3.el5.src", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src", "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch", "5Client-Workstation:automake15-0:1.5-16.el5.2.src", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src", 
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src", "5Server:automake-0:1.9.6-2.3.el5.noarch", "5Server:automake-0:1.9.6-2.3.el5.src", "5Server:automake14-0:1.4p6-13.el5.1.noarch", "5Server:automake14-0:1.4p6-13.el5.1.src", "5Server:automake15-0:1.5-16.el5.2.noarch", "5Server:automake15-0:1.5-16.el5.2.src", "5Server:automake16-0:1.6.3-8.el5.1.noarch", "5Server:automake16-0:1.6.3-8.el5.1.src", "5Server:automake17-0:1.7.9-7.el5.2.noarch", "5Server:automake17-0:1.7.9-7.el5.2.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Automake: Race condition by creation of \"distdir\" based directory hierarchy" } ] }
rhsa-2010_0321
Vulnerability from csaf_redhat
Published
2010-03-29 12:00
Modified
2024-11-22 03:16
Summary
Red Hat Security Advisory: automake security update
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated automake, automake14, automake15, automake16, and automake17\npackages that fix one security issue are now available for Red Hat\nEnterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", "title": "Topic" }, { "category": "general", "text": "Automake is a tool for automatically generating Makefile.in files compliant\nwith the GNU Coding Standards.\n\nAutomake-generated Makefiles made certain directories world-writable when\npreparing source archives, as was recommended by the GNU Coding Standards.\nIf a malicious, local user could access the directory where a victim was\ncreating distribution archives, they could use this flaw to modify the\nfiles being added to those archives. Makefiles generated by these updated\nautomake packages no longer make distribution directories world-writable,\nas recommended by the updated GNU Coding Standards. (CVE-2009-4029)\n\nNote: This issue affected Makefile targets used by developers to prepare\ndistribution source archives. 
Those targets are not used when compiling\nprograms from the source code.\n\nAll users of automake, automake14, automake15, automake16, and automake17\nshould upgrade to these updated packages, which resolve this issue.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0321", "url": "https://access.redhat.com/errata/RHSA-2010:0321" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "http://www.gnu.org/prep/standards/html_node/Releases.html", "url": "http://www.gnu.org/prep/standards/html_node/Releases.html" }, { "category": "external", "summary": "542609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542609" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0321.json" } ], "title": "Red Hat Security Advisory: automake security update", "tracking": { "current_release_date": "2024-11-22T03:16:28+00:00", "generator": { "date": "2024-11-22T03:16:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2010:0321", "initial_release_date": 
"2010-03-29T12:00:00+00:00", "revision_history": [ { "date": "2010-03-29T12:00:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-03-29T10:44:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:16:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "automake14-0:1.4p6-13.el5.1.src", "product": { "name": "automake14-0:1.4p6-13.el5.1.src", "product_id": "automake14-0:1.4p6-13.el5.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake14@1.4p6-13.el5.1?arch=src" } } }, { "category": "product_version", "name": "automake15-0:1.5-16.el5.2.src", "product": { "name": "automake15-0:1.5-16.el5.2.src", "product_id": "automake15-0:1.5-16.el5.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake15@1.5-16.el5.2?arch=src" } } }, { "category": "product_version", "name": "automake16-0:1.6.3-8.el5.1.src", "product": { "name": "automake16-0:1.6.3-8.el5.1.src", "product_id": "automake16-0:1.6.3-8.el5.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake16@1.6.3-8.el5.1?arch=src" } } }, { "category": "product_version", "name": 
"automake17-0:1.7.9-7.el5.2.src", "product": { "name": "automake17-0:1.7.9-7.el5.2.src", "product_id": "automake17-0:1.7.9-7.el5.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake17@1.7.9-7.el5.2?arch=src" } } }, { "category": "product_version", "name": "automake-0:1.9.6-2.3.el5.src", "product": { "name": "automake-0:1.9.6-2.3.el5.src", "product_id": "automake-0:1.9.6-2.3.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake@1.9.6-2.3.el5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "automake14-0:1.4p6-13.el5.1.noarch", "product": { "name": "automake14-0:1.4p6-13.el5.1.noarch", "product_id": "automake14-0:1.4p6-13.el5.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake14@1.4p6-13.el5.1?arch=noarch" } } }, { "category": "product_version", "name": "automake15-0:1.5-16.el5.2.noarch", "product": { "name": "automake15-0:1.5-16.el5.2.noarch", "product_id": "automake15-0:1.5-16.el5.2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake15@1.5-16.el5.2?arch=noarch" } } }, { "category": "product_version", "name": "automake16-0:1.6.3-8.el5.1.noarch", "product": { "name": "automake16-0:1.6.3-8.el5.1.noarch", "product_id": "automake16-0:1.6.3-8.el5.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake16@1.6.3-8.el5.1?arch=noarch" } } }, { "category": "product_version", "name": "automake17-0:1.7.9-7.el5.2.noarch", "product": { "name": "automake17-0:1.7.9-7.el5.2.noarch", "product_id": "automake17-0:1.7.9-7.el5.2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake17@1.7.9-7.el5.2?arch=noarch" } } }, { "category": "product_version", "name": "automake-0:1.9.6-2.3.el5.noarch", "product": { "name": "automake-0:1.9.6-2.3.el5.noarch", "product_id": "automake-0:1.9.6-2.3.el5.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/automake@1.9.6-2.3.el5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "automake-0:1.9.6-2.3.el5.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch" }, "product_reference": "automake-0:1.9.6-2.3.el5.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake-0:1.9.6-2.3.el5.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake-0:1.9.6-2.3.el5.src" }, "product_reference": "automake-0:1.9.6-2.3.el5.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake14-0:1.4p6-13.el5.1.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch" }, "product_reference": "automake14-0:1.4p6-13.el5.1.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake14-0:1.4p6-13.el5.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src" }, "product_reference": "automake14-0:1.4p6-13.el5.1.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake15-0:1.5-16.el5.2.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 
5 client)", "product_id": "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch" }, "product_reference": "automake15-0:1.5-16.el5.2.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake15-0:1.5-16.el5.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake15-0:1.5-16.el5.2.src" }, "product_reference": "automake15-0:1.5-16.el5.2.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake16-0:1.6.3-8.el5.1.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch" }, "product_reference": "automake16-0:1.6.3-8.el5.1.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake16-0:1.6.3-8.el5.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src" }, "product_reference": "automake16-0:1.6.3-8.el5.1.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake17-0:1.7.9-7.el5.2.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch" }, "product_reference": "automake17-0:1.7.9-7.el5.2.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake17-0:1.7.9-7.el5.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 
5 client)", "product_id": "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src" }, "product_reference": "automake17-0:1.7.9-7.el5.2.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake-0:1.9.6-2.3.el5.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake-0:1.9.6-2.3.el5.noarch" }, "product_reference": "automake-0:1.9.6-2.3.el5.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake-0:1.9.6-2.3.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake-0:1.9.6-2.3.el5.src" }, "product_reference": "automake-0:1.9.6-2.3.el5.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake14-0:1.4p6-13.el5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake14-0:1.4p6-13.el5.1.noarch" }, "product_reference": "automake14-0:1.4p6-13.el5.1.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake14-0:1.4p6-13.el5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake14-0:1.4p6-13.el5.1.src" }, "product_reference": "automake14-0:1.4p6-13.el5.1.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake15-0:1.5-16.el5.2.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake15-0:1.5-16.el5.2.noarch" }, "product_reference": "automake15-0:1.5-16.el5.2.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake15-0:1.5-16.el5.2.src as a component of Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server:automake15-0:1.5-16.el5.2.src" }, "product_reference": "automake15-0:1.5-16.el5.2.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake16-0:1.6.3-8.el5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake16-0:1.6.3-8.el5.1.noarch" }, "product_reference": "automake16-0:1.6.3-8.el5.1.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake16-0:1.6.3-8.el5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake16-0:1.6.3-8.el5.1.src" }, "product_reference": "automake16-0:1.6.3-8.el5.1.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake17-0:1.7.9-7.el5.2.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake17-0:1.7.9-7.el5.2.noarch" }, "product_reference": "automake17-0:1.7.9-7.el5.2.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake17-0:1.7.9-7.el5.2.src as a component of Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server:automake17-0:1.7.9-7.el5.2.src" }, "product_reference": "automake17-0:1.7.9-7.el5.2.src", "relates_to_product_reference": "5Server" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-4029", "discovery_date": "2009-11-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "542609" } ], "notes": [ { "category": "description", "text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.", "title": "Vulnerability description" }, { "category": "summary", "text": "Automake: Race condition by creation of \"distdir\" based directory hierarchy", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Product Security has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch", "5Client-Workstation:automake-0:1.9.6-2.3.el5.src", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src", "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch", "5Client-Workstation:automake15-0:1.5-16.el5.2.src", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch", 
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.src", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src", "5Server:automake-0:1.9.6-2.3.el5.noarch", "5Server:automake-0:1.9.6-2.3.el5.src", "5Server:automake14-0:1.4p6-13.el5.1.noarch", "5Server:automake14-0:1.4p6-13.el5.1.src", "5Server:automake15-0:1.5-16.el5.2.noarch", "5Server:automake15-0:1.5-16.el5.2.src", "5Server:automake16-0:1.6.3-8.el5.1.noarch", "5Server:automake16-0:1.6.3-8.el5.1.src", "5Server:automake17-0:1.7.9-7.el5.2.noarch", "5Server:automake17-0:1.7.9-7.el5.2.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-4029" }, { "category": "external", "summary": "RHBZ#542609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4029", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4029" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029" } ], "release_date": "2009-12-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-29T12:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch", "5Client-Workstation:automake-0:1.9.6-2.3.el5.src", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src", "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch", "5Client-Workstation:automake15-0:1.5-16.el5.2.src", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src", "5Server:automake-0:1.9.6-2.3.el5.noarch", "5Server:automake-0:1.9.6-2.3.el5.src", "5Server:automake14-0:1.4p6-13.el5.1.noarch", "5Server:automake14-0:1.4p6-13.el5.1.src", "5Server:automake15-0:1.5-16.el5.2.noarch", "5Server:automake15-0:1.5-16.el5.2.src", "5Server:automake16-0:1.6.3-8.el5.1.noarch", "5Server:automake16-0:1.6.3-8.el5.1.src", "5Server:automake17-0:1.7.9-7.el5.2.noarch", "5Server:automake17-0:1.7.9-7.el5.2.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0321" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch", "5Client-Workstation:automake-0:1.9.6-2.3.el5.src", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src", "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch", "5Client-Workstation:automake15-0:1.5-16.el5.2.src", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src", 
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src", "5Server:automake-0:1.9.6-2.3.el5.noarch", "5Server:automake-0:1.9.6-2.3.el5.src", "5Server:automake14-0:1.4p6-13.el5.1.noarch", "5Server:automake14-0:1.4p6-13.el5.1.src", "5Server:automake15-0:1.5-16.el5.2.noarch", "5Server:automake15-0:1.5-16.el5.2.src", "5Server:automake16-0:1.6.3-8.el5.1.noarch", "5Server:automake16-0:1.6.3-8.el5.1.src", "5Server:automake17-0:1.7.9-7.el5.2.noarch", "5Server:automake17-0:1.7.9-7.el5.2.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Automake: Race condition by creation of \"distdir\" based directory hierarchy" } ] }
rhsa-2010:0321
Vulnerability from csaf_redhat
Published
2010-03-29 12:00
Modified
2025-09-10 13:47
Summary
Red Hat Security Advisory: automake security update
Notes
Topic
Updated automake, automake14, automake15, automake16, and automake17
packages that fix one security issue are now available for Red Hat
Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
Details
Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.

Automake-generated Makefiles made certain directories world-writable when
preparing source archives, as was recommended by the GNU Coding Standards.
If a malicious, local user could access the directory where a victim was
creating distribution archives, they could use this flaw to modify the
files being added to those archives. Makefiles generated by these updated
automake packages no longer make distribution directories world-writable,
as recommended by the updated GNU Coding Standards. (CVE-2009-4029)

Note: This issue affected Makefile targets used by developers to prepare
distribution source archives. Those targets are not used when compiling
programs from the source code.

All users of automake, automake14, automake15, automake16, and automake17
should upgrade to these updated packages, which resolve this issue.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated automake, automake14, automake15, automake16, and automake17\npackages that fix one security issue are now available for Red Hat\nEnterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.", "title": "Topic" }, { "category": "general", "text": "Automake is a tool for automatically generating Makefile.in files compliant\nwith the GNU Coding Standards.\n\nAutomake-generated Makefiles made certain directories world-writable when\npreparing source archives, as was recommended by the GNU Coding Standards.\nIf a malicious, local user could access the directory where a victim was\ncreating distribution archives, they could use this flaw to modify the\nfiles being added to those archives. Makefiles generated by these updated\nautomake packages no longer make distribution directories world-writable,\nas recommended by the updated GNU Coding Standards. (CVE-2009-4029)\n\nNote: This issue affected Makefile targets used by developers to prepare\ndistribution source archives. 
Those targets are not used when compiling\nprograms from the source code.\n\nAll users of automake, automake14, automake15, automake16, and automake17\nshould upgrade to these updated packages, which resolve this issue.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2010:0321", "url": "https://access.redhat.com/errata/RHSA-2010:0321" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "http://www.gnu.org/prep/standards/html_node/Releases.html", "url": "http://www.gnu.org/prep/standards/html_node/Releases.html" }, { "category": "external", "summary": "542609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542609" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0321.json" } ], "title": "Red Hat Security Advisory: automake security update", "tracking": { "current_release_date": "2025-09-10T13:47:19+00:00", "generator": { "date": "2025-09-10T13:47:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.7" } }, "id": "RHSA-2010:0321", "initial_release_date": 
"2010-03-29T12:00:00+00:00", "revision_history": [ { "date": "2010-03-29T12:00:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2010-03-29T10:44:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-09-10T13:47:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "automake14-0:1.4p6-13.el5.1.src", "product": { "name": "automake14-0:1.4p6-13.el5.1.src", "product_id": "automake14-0:1.4p6-13.el5.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake14@1.4p6-13.el5.1?arch=src" } } }, { "category": "product_version", "name": "automake15-0:1.5-16.el5.2.src", "product": { "name": "automake15-0:1.5-16.el5.2.src", "product_id": "automake15-0:1.5-16.el5.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake15@1.5-16.el5.2?arch=src" } } }, { "category": "product_version", "name": "automake16-0:1.6.3-8.el5.1.src", "product": { "name": "automake16-0:1.6.3-8.el5.1.src", "product_id": "automake16-0:1.6.3-8.el5.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake16@1.6.3-8.el5.1?arch=src" } } }, { "category": "product_version", "name": 
"automake17-0:1.7.9-7.el5.2.src", "product": { "name": "automake17-0:1.7.9-7.el5.2.src", "product_id": "automake17-0:1.7.9-7.el5.2.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake17@1.7.9-7.el5.2?arch=src" } } }, { "category": "product_version", "name": "automake-0:1.9.6-2.3.el5.src", "product": { "name": "automake-0:1.9.6-2.3.el5.src", "product_id": "automake-0:1.9.6-2.3.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake@1.9.6-2.3.el5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "automake14-0:1.4p6-13.el5.1.noarch", "product": { "name": "automake14-0:1.4p6-13.el5.1.noarch", "product_id": "automake14-0:1.4p6-13.el5.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake14@1.4p6-13.el5.1?arch=noarch" } } }, { "category": "product_version", "name": "automake15-0:1.5-16.el5.2.noarch", "product": { "name": "automake15-0:1.5-16.el5.2.noarch", "product_id": "automake15-0:1.5-16.el5.2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake15@1.5-16.el5.2?arch=noarch" } } }, { "category": "product_version", "name": "automake16-0:1.6.3-8.el5.1.noarch", "product": { "name": "automake16-0:1.6.3-8.el5.1.noarch", "product_id": "automake16-0:1.6.3-8.el5.1.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake16@1.6.3-8.el5.1?arch=noarch" } } }, { "category": "product_version", "name": "automake17-0:1.7.9-7.el5.2.noarch", "product": { "name": "automake17-0:1.7.9-7.el5.2.noarch", "product_id": "automake17-0:1.7.9-7.el5.2.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/automake17@1.7.9-7.el5.2?arch=noarch" } } }, { "category": "product_version", "name": "automake-0:1.9.6-2.3.el5.noarch", "product": { "name": "automake-0:1.9.6-2.3.el5.noarch", "product_id": "automake-0:1.9.6-2.3.el5.noarch", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/automake@1.9.6-2.3.el5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "automake-0:1.9.6-2.3.el5.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch" }, "product_reference": "automake-0:1.9.6-2.3.el5.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake-0:1.9.6-2.3.el5.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake-0:1.9.6-2.3.el5.src" }, "product_reference": "automake-0:1.9.6-2.3.el5.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake14-0:1.4p6-13.el5.1.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch" }, "product_reference": "automake14-0:1.4p6-13.el5.1.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake14-0:1.4p6-13.el5.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src" }, "product_reference": "automake14-0:1.4p6-13.el5.1.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake15-0:1.5-16.el5.2.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 
5 client)", "product_id": "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch" }, "product_reference": "automake15-0:1.5-16.el5.2.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake15-0:1.5-16.el5.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake15-0:1.5-16.el5.2.src" }, "product_reference": "automake15-0:1.5-16.el5.2.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake16-0:1.6.3-8.el5.1.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch" }, "product_reference": "automake16-0:1.6.3-8.el5.1.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake16-0:1.6.3-8.el5.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src" }, "product_reference": "automake16-0:1.6.3-8.el5.1.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake17-0:1.7.9-7.el5.2.noarch as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch" }, "product_reference": "automake17-0:1.7.9-7.el5.2.noarch", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake17-0:1.7.9-7.el5.2.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 
5 client)", "product_id": "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src" }, "product_reference": "automake17-0:1.7.9-7.el5.2.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "automake-0:1.9.6-2.3.el5.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake-0:1.9.6-2.3.el5.noarch" }, "product_reference": "automake-0:1.9.6-2.3.el5.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake-0:1.9.6-2.3.el5.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake-0:1.9.6-2.3.el5.src" }, "product_reference": "automake-0:1.9.6-2.3.el5.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake14-0:1.4p6-13.el5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake14-0:1.4p6-13.el5.1.noarch" }, "product_reference": "automake14-0:1.4p6-13.el5.1.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake14-0:1.4p6-13.el5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake14-0:1.4p6-13.el5.1.src" }, "product_reference": "automake14-0:1.4p6-13.el5.1.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake15-0:1.5-16.el5.2.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake15-0:1.5-16.el5.2.noarch" }, "product_reference": "automake15-0:1.5-16.el5.2.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake15-0:1.5-16.el5.2.src as a component of Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server:automake15-0:1.5-16.el5.2.src" }, "product_reference": "automake15-0:1.5-16.el5.2.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake16-0:1.6.3-8.el5.1.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake16-0:1.6.3-8.el5.1.noarch" }, "product_reference": "automake16-0:1.6.3-8.el5.1.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake16-0:1.6.3-8.el5.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake16-0:1.6.3-8.el5.1.src" }, "product_reference": "automake16-0:1.6.3-8.el5.1.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake17-0:1.7.9-7.el5.2.noarch as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:automake17-0:1.7.9-7.el5.2.noarch" }, "product_reference": "automake17-0:1.7.9-7.el5.2.noarch", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "automake17-0:1.7.9-7.el5.2.src as a component of Red Hat Enterprise Linux (v. 
5 server)", "product_id": "5Server:automake17-0:1.7.9-7.el5.2.src" }, "product_reference": "automake17-0:1.7.9-7.el5.2.src", "relates_to_product_reference": "5Server" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-4029", "discovery_date": "2009-11-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "542609" } ], "notes": [ { "category": "description", "text": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.", "title": "Vulnerability description" }, { "category": "summary", "text": "Automake: Race condition by creation of \"distdir\" based directory hierarchy", "title": "Vulnerability summary" }, { "category": "other", "text": "The Red Hat Product Security has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch", "5Client-Workstation:automake-0:1.9.6-2.3.el5.src", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src", "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch", "5Client-Workstation:automake15-0:1.5-16.el5.2.src", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch", 
"5Client-Workstation:automake16-0:1.6.3-8.el5.1.src", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src", "5Server:automake-0:1.9.6-2.3.el5.noarch", "5Server:automake-0:1.9.6-2.3.el5.src", "5Server:automake14-0:1.4p6-13.el5.1.noarch", "5Server:automake14-0:1.4p6-13.el5.1.src", "5Server:automake15-0:1.5-16.el5.2.noarch", "5Server:automake15-0:1.5-16.el5.2.src", "5Server:automake16-0:1.6.3-8.el5.1.noarch", "5Server:automake16-0:1.6.3-8.el5.1.src", "5Server:automake17-0:1.7.9-7.el5.2.noarch", "5Server:automake17-0:1.7.9-7.el5.2.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-4029" }, { "category": "external", "summary": "RHBZ#542609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=542609" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-4029", "url": "https://www.cve.org/CVERecord?id=CVE-2009-4029" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4029" } ], "release_date": "2009-12-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2010-03-29T12:00:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch", "5Client-Workstation:automake-0:1.9.6-2.3.el5.src", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src", "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch", "5Client-Workstation:automake15-0:1.5-16.el5.2.src", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src", "5Server:automake-0:1.9.6-2.3.el5.noarch", "5Server:automake-0:1.9.6-2.3.el5.src", "5Server:automake14-0:1.4p6-13.el5.1.noarch", "5Server:automake14-0:1.4p6-13.el5.1.src", "5Server:automake15-0:1.5-16.el5.2.noarch", "5Server:automake15-0:1.5-16.el5.2.src", "5Server:automake16-0:1.6.3-8.el5.1.noarch", "5Server:automake16-0:1.6.3-8.el5.1.src", "5Server:automake17-0:1.7.9-7.el5.2.noarch", "5Server:automake17-0:1.7.9-7.el5.2.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2010:0321" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Workstation:automake-0:1.9.6-2.3.el5.noarch", "5Client-Workstation:automake-0:1.9.6-2.3.el5.src", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.noarch", "5Client-Workstation:automake14-0:1.4p6-13.el5.1.src", "5Client-Workstation:automake15-0:1.5-16.el5.2.noarch", "5Client-Workstation:automake15-0:1.5-16.el5.2.src", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.noarch", "5Client-Workstation:automake16-0:1.6.3-8.el5.1.src", 
"5Client-Workstation:automake17-0:1.7.9-7.el5.2.noarch", "5Client-Workstation:automake17-0:1.7.9-7.el5.2.src", "5Server:automake-0:1.9.6-2.3.el5.noarch", "5Server:automake-0:1.9.6-2.3.el5.src", "5Server:automake14-0:1.4p6-13.el5.1.noarch", "5Server:automake14-0:1.4p6-13.el5.1.src", "5Server:automake15-0:1.5-16.el5.2.noarch", "5Server:automake15-0:1.5-16.el5.2.src", "5Server:automake16-0:1.6.3-8.el5.1.noarch", "5Server:automake16-0:1.6.3-8.el5.1.src", "5Server:automake17-0:1.7.9-7.el5.2.noarch", "5Server:automake17-0:1.7.9-7.el5.2.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Automake: Race condition by creation of \"distdir\" based directory hierarchy" } ] }
fkie_cve-2009-4029
Vulnerability from fkie_nvd
Published
2009-12-20 02:30
Modified
2025-04-09 00:30
Severity ?
Summary
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2A91930-6A6C-4B56-99DF-8A06F270AEC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gnu:automake:branch:1-9:*:*:*:*:*:*", "matchCriteriaId": "4D37A8B9-BA44-4543-94C1-E10A4C7F39A3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete." }, { "lang": "es", "value": "Las reglas (1) dist o (2) distcheck en GNU Automake v1.11.1, v1.10.3, branch-1-4 a branch-1-9, cuando se genera una distribuci\u00f3n mediante fichero .tar de un paquete que usa Automake, asignan permisos inseguros (777) a los directorios en el \u00e1rbol de construcci\u00f3n, lo que introduce una condici\u00f3n de carrera que permite modificar, a los usuarios locales, el contenido de los archivos del paquete, la introducci\u00f3n de troyanos, o llevar a cabo otros ataques antes de que la construcci\u00f3n se haya completado." 
} ], "id": "CVE-2009-4029", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-12-20T02:30:00.483", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html" }, { "source": "secalert@redhat.com", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html" }, { "source": "secalert@redhat.com", "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1" }, { "source": "secalert@redhat.com", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/3579" }, { "source": "secalert@redhat.com", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/3579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Red Hat is aware of this issue and is tracking it via the following\nbug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4029\n\nThis issue was addressed in the automake, automake14, automake15, automake16 and automake17 
packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0321.html\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.", "lastModified": "2010-03-31T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
gsd-2009-4029
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
Aliases
{ "GSD": { "alias": "CVE-2009-4029", "description": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.", "id": "GSD-2009-4029", "references": [ "https://www.suse.com/security/cve/CVE-2009-4029.html", "https://access.redhat.com/errata/RHSA-2010:0321", "https://linux.oracle.com/cve/CVE-2009-4029.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2009-4029" ], "details": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.", "id": "GSD-2009-4029", "modified": "2023-12-13T01:19:45.086691Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-4029", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and 
release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html", "refsource": "MISC", "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html" }, { "name": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html", "refsource": "MISC", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html" }, { "name": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html", "refsource": "MISC", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html" }, { "name": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html", "refsource": "MISC", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html" }, { "name": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html", "refsource": "MISC", "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html" }, { "name": "http://savannah.gnu.org/forum/forum.php?forum_id=6077", "refsource": "MISC", "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077" }, { "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1", "refsource": "MISC", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1" }, { "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071", "refsource": "MISC", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071" }, { "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203", "refsource": 
"MISC", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203" }, { "name": "http://www.securityfocus.com/archive/1/514526/100/0/threaded", "refsource": "MISC", "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded" }, { "name": "http://www.vupen.com/english/advisories/2009/3579", "refsource": "MISC", "url": "http://www.vupen.com/english/advisories/2009/3579" }, { "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717", "refsource": "MISC", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:automake:branch:1-9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-4029" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-362" } ] } ] }, "references": { "reference_data": [ { "name": "[automake] 20091208 GNU Automake 1.10.3 released", "refsource": "MLIST", "tags": [], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html" }, { "name": "[automake] 20091208 Re: CVE-2009-4029 Automake security fix for \u0027make dist*\u0027", "refsource": "MLIST", "tags": [], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html" }, { "name": "[automake] 20091208 CVE-2009-4029 Automake security fix for \u0027make dist*\u0027", "refsource": "MLIST", "tags": [ "Patch" ], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html" }, { "name": "[automake] 20091208 GNU Automake 1.11.1 released", "refsource": "MLIST", "tags": [], "url": "http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html" }, { "name": "http://savannah.gnu.org/forum/forum.php?forum_id=6077", "refsource": "CONFIRM", "tags": [], "url": "http://savannah.gnu.org/forum/forum.php?forum_id=6077" }, { "name": "[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs", "refsource": "MLIST", "tags": [ "Exploit" ], "url": "http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html" }, { "name": "ADV-2009-3579", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2009/3579" }, { "name": "1021784", "refsource": "SUNALERT", "tags": [], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1" }, { "name": "MDVSA-2010:203", "refsource": "MANDRIVA", "tags": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:203" }, { "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071", "refsource": "CONFIRM", "tags": [], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071" }, { "name": "oval:org.mitre.oval:def:11717", "refsource": "OVAL", "tags": [], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717" }, { "name": "20101027 rPSA-2010-0071-1 automake", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/514526/100/0/threaded" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2018-10-10T19:48Z", "publishedDate": "2009-12-20T02:30Z" } } }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.