Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2014-401
HistorySep 17, 2014 - 9:41 p.m.

Low: automake19

2014-09-1721:41:00
alas.aws.amazon.com
11

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

Issue Overview:

It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running “make distcheck”.

Affected Packages:

automake19

Issue Correction:
Run yum update automake19 to update your system.

New Packages:

noarch:  
    automake19-1.9.6-3.12.amzn1.noarch  
  
src:  
    automake19-1.9.6-3.12.amzn1.src

Additional References

Red Hat: CVE-2012-3386

Mitre: CVE-2012-3386

OSVersionArchitecturePackageVersionFilename
Amazon Linux1noarchautomake19< 1.9.6-3.12.amzn1automake19-1.9.6-3.12.amzn1.noarch.rpm

Related

cve 1
nessus 25
centos 2
fedora 5
ubuntucve 1
veracode 1
redhat 2
openvas 26
freebsd 1
oraclelinux 2
cvelist 1
suse 1
nvd 1
debiancve 1
securityvulns 2
altlinux 1
prion 1
gentoo 1
slackware 1
cve
cve
CVE-2012-3386
2012-08-07 21:55:01
nessus
nessus
FreeBSD : automake -- Insecure 'distcheck' recipe granted world-writable distdir (36235c38-e0a8-11e1-9f4d-002354ed89bc)
2012-08-08 00:00:00
Amazon Linux AMI : automake19 (ALAS-2014-401)
2014-10-12 00:00:00
Oracle Linux 6 : automake (ELSA-2013-0526)
2013-07-12 00:00:00
centos
centos
automake security update
2013-02-27 19:33:58
automake security update
2014-09-30 11:21:28
fedora
fedora
[SECURITY] Fedora 17 Update: automake-1.11.6-1.fc17
2012-09-19 03:09:42
[SECURITY] Fedora 16 Update: automake-1.11.6-1.fc16
2012-09-22 00:08:49
[SECURITY] Fedora 18 Update: automake17-1.7.9-17.fc18
2012-10-04 03:42:04
ubuntucve
ubuntucve
CVE-2012-3386
2012-08-07 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 08:57:51
redhat
redhat
(RHSA-2014:1243) Low: automake security update
2014-09-16 00:00:00
(RHSA-2013:0526) Low: automake security update
2013-02-21 00:00:00
openvas
openvas
FreeBSD Ports: automake
2012-08-10 00:00:00
Fedora Update for automake17 FEDORA-2012-14779
2012-10-05 00:00:00
RedHat Update for automake RHSA-2013:0526-02
2013-02-22 00:00:00
freebsd
freebsd
automake -- Insecure 'distcheck' recipe granted world-writable distdir
2012-07-09 00:00:00
oraclelinux
oraclelinux
automake security update
2014-09-17 00:00:00
automake security update
2013-02-22 00:00:00
cvelist
cvelist
CVE-2012-3386
2012-08-07 21:00:00
suse
suse
Security update for wdiff (moderate)
2022-06-25 00:00:00
nvd
nvd
CVE-2012-3386
2012-08-07 21:55:01
debiancve
debiancve
CVE-2012-3386
2012-08-07 21:55:01
securityvulns
securityvulns
automake race conditions
2012-07-16 00:00:00
[ MDVSA-2012:103 ] automake
2012-07-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package automake_1.10 version 1:1.10.3-alt2
2012-09-09 00:00:00
prion
prion
Race condition
2012-08-07 21:55:00
gentoo
gentoo
GNU Automake: Multiple vulnerabilities
2013-10-25 00:00:00
slackware
slackware
[slackware-security] libpng
2012-07-25 03:00:37

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for ALAS-2014-401
cve1nessus25centos2fedora5ubuntucve1veracode1redhat2openvas26freebsd1oraclelinux2cvelist1suse1nvd1debiancve1securityvulns2altlinux1prion1gentoo1slackware1