Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2014:1243
HistorySep 30, 2014 - 11:21 a.m.

automake security update

2014-09-3011:21:28
CentOS Project
lists.centos.org
40

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

CentOS Errata and Security Advisory CESA-2014:1243

Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.

It was found that the distcheck rule in Automake-generated Makefiles made a
directory world-writable when preparing source archives. If a malicious,
local user could access this directory, they could execute arbitrary code
with the privileges of the user running “make distcheck”. (CVE-2012-3386)

Red Hat would like to thank Jim Meyering for reporting this issue. Upstream
acknowledges Stefano Lattarini as the original reporter.

All automake users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2014-September/082769.html

Affected packages:
automake

Upstream details at:
https://access.redhat.com/errata/RHSA-2014:1243

OSVersionArchitecturePackageVersionFilename
CentOS5noarchautomake< 1.9.6-3.el5automake-1.9.6-3.el5.noarch.rpm
CentOS5noarchautomake< 1.9.6-3.el5automake-1.9.6-3.el5.noarch.rpm

Related

cve 1
nessus 25
centos 1
fedora 5
ubuntucve 1
veracode 1
redhat 2
openvas 26
freebsd 1
oraclelinux 2
amazon 1
cvelist 1
suse 1
nvd 1
debiancve 1
securityvulns 2
altlinux 1
prion 1
gentoo 1
slackware 1
cve
cve
CVE-2012-3386
2012-08-07 21:55:01
nessus
nessus
FreeBSD : automake -- Insecure 'distcheck' recipe granted world-writable distdir (36235c38-e0a8-11e1-9f4d-002354ed89bc)
2012-08-08 00:00:00
Amazon Linux AMI : automake19 (ALAS-2014-401)
2014-10-12 00:00:00
Oracle Linux 6 : automake (ELSA-2013-0526)
2013-07-12 00:00:00
centos
centos
automake security update
2013-02-27 19:33:58
fedora
fedora
[SECURITY] Fedora 17 Update: automake-1.11.6-1.fc17
2012-09-19 03:09:42
[SECURITY] Fedora 16 Update: automake-1.11.6-1.fc16
2012-09-22 00:08:49
[SECURITY] Fedora 18 Update: automake17-1.7.9-17.fc18
2012-10-04 03:42:04
ubuntucve
ubuntucve
CVE-2012-3386
2012-08-07 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 08:57:51
redhat
redhat
(RHSA-2014:1243) Low: automake security update
2014-09-16 00:00:00
(RHSA-2013:0526) Low: automake security update
2013-02-21 00:00:00
openvas
openvas
FreeBSD Ports: automake
2012-08-10 00:00:00
Fedora Update for automake17 FEDORA-2012-14779
2012-10-05 00:00:00
RedHat Update for automake RHSA-2013:0526-02
2013-02-22 00:00:00
freebsd
freebsd
automake -- Insecure 'distcheck' recipe granted world-writable distdir
2012-07-09 00:00:00
oraclelinux
oraclelinux
automake security update
2014-09-17 00:00:00
automake security update
2013-02-22 00:00:00
amazon
amazon
Low: automake19
2014-09-17 21:41:00
cvelist
cvelist
CVE-2012-3386
2012-08-07 21:00:00
suse
suse
Security update for wdiff (moderate)
2022-06-25 00:00:00
nvd
nvd
CVE-2012-3386
2012-08-07 21:55:01
debiancve
debiancve
CVE-2012-3386
2012-08-07 21:55:01
securityvulns
securityvulns
automake race conditions
2012-07-16 00:00:00
[ MDVSA-2012:103 ] automake
2012-07-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package automake_1.10 version 1:1.10.3-alt2
2012-09-09 00:00:00
prion
prion
Race condition
2012-08-07 21:55:00
gentoo
gentoo
GNU Automake: Multiple vulnerabilities
2013-10-25 00:00:00
slackware
slackware
[slackware-security] libpng
2012-07-25 03:00:37

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for CESA-2014:1243
cve1nessus25centos1fedora5ubuntucve1veracode1redhat2openvas26freebsd1oraclelinux2amazon1cvelist1suse1nvd1debiancve1securityvulns2altlinux1prion1gentoo1slackware1