Lucene search

K

[email protected]NVD:CVE-2012-3386

HistoryAug 07, 2012 - 9:55 p.m.

CVE-2012-3386

2012-08-0721:55:01

CWE-264

CWE-362

[email protected]

web.nvd.nist.gov

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

The “make distcheck” rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.

Affected configurations

NVD

Node

gnuautomakeRange≤1.11.5

OR

gnuautomakeMatch1.0

OR

gnuautomakeMatch1.2

OR

gnuautomakeMatch1.3

OR

gnuautomakeMatch1.4

OR

gnuautomakeMatch1.4p1

OR

gnuautomakeMatch1.4p2

OR

gnuautomakeMatch1.4p3

OR

gnuautomakeMatch1.4p4

OR

gnuautomakeMatch1.4p5

OR

gnuautomakeMatch1.4p6

OR

gnuautomakeMatch1.5

OR

gnuautomakeMatch1.6

OR

gnuautomakeMatch1.6.1

OR

gnuautomakeMatch1.6.2

OR

gnuautomakeMatch1.6.3

OR

gnuautomakeMatch1.7

OR

gnuautomakeMatch1.7.1

OR

gnuautomakeMatch1.7.2

OR

gnuautomakeMatch1.7.3

OR

gnuautomakeMatch1.7.4

OR

gnuautomakeMatch1.7.5

OR

gnuautomakeMatch1.7.6

OR

gnuautomakeMatch1.7.7

OR

gnuautomakeMatch1.7.8

OR

gnuautomakeMatch1.7.9

OR

gnuautomakeMatch1.8

OR

gnuautomakeMatch1.8.1

OR

gnuautomakeMatch1.8.2

OR

gnuautomakeMatch1.8.3

OR

gnuautomakeMatch1.8.4

OR

gnuautomakeMatch1.8.5

OR

gnuautomakeMatch1.9

OR

gnuautomakeMatch1.9.1

OR

gnuautomakeMatch1.9.2

OR

gnuautomakeMatch1.9.3

OR

gnuautomakeMatch1.9.4

OR

gnuautomakeMatch1.9.5

OR

gnuautomakeMatch1.9.6

OR

gnuautomakeMatch1.10

OR

gnuautomakeMatch1.10.0.3

OR

gnuautomakeMatch1.10.1

OR

gnuautomakeMatch1.10.2

OR

gnuautomakeMatch1.10.3

OR

gnuautomakeMatch1.11.1

OR

gnuautomakeMatch1.11.2

OR

gnuautomakeMatch1.11.3

OR

gnuautomakeMatch1.11.4

OR

gnuautomakeMatch1.12

OR

gnuautomakeMatch1.12.1

References

git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76

lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html

lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html

lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html

lists.opensuse.org/opensuse-updates/2012-11/msg00038.html

rhn.redhat.com/errata/RHSA-2013-0526.html

www.mandriva.com/security/advisories?name=MDVSA-2012:103

lists.gnu.org/archive/html/automake/2012-07/msg00021.html

lists.gnu.org/archive/html/automake/2012-07/msg00022.html

lists.gnu.org/archive/html/automake/2012-07/msg00023.html

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

Related for NVD:CVE-2012-3386

cve1 nessus25 centos2 fedora5 ubuntucve1 veracode1 redhat2 openvas26 oraclelinux2 freebsd1 securityvulns2 altlinux1 prion1 amazon1 cvelist1 suse1 debiancve1 gentoo1 slackware1