ID OPENVAS:861749 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2017-12-15T00:00:00
Description
Check for the Version of automake15
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for automake15 FEDORA-2010-3563
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Automake is a tool for automatically generating
`Makefile.in' files compliant with the GNU Coding Standards.
This package contains Automake 1.5, an older version of Automake.
You should install it if you need to run automake in a project that
has not yet been updated to work with newer versions of Automake.";
tag_affected = "automake15 on Fedora 12";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036413.html");
script_id(861749);
script_version("$Revision: 8130 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $");
script_tag(name:"creation_date", value:"2010-03-05 12:48:43 +0100 (Fri, 05 Mar 2010)");
script_tag(name:"cvss_base", value:"4.4");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
script_xref(name: "FEDORA", value: "2010-3563");
script_cve_id("CVE-2009-4029");
script_name("Fedora Update for automake15 FEDORA-2010-3563");
script_tag(name: "summary" , value: "Check for the Version of automake15");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "FC12")
{
if ((res = isrpmvuln(pkg:"automake15", rpm:"automake15~1.5~29.fc12.1", rls:"FC12")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"id": "OPENVAS:861749", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for automake15 FEDORA-2010-3563", "description": "Check for the Version of automake15", "published": "2010-03-05T00:00:00", "modified": "2017-12-15T00:00:00", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=861749", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036413.html", "2010-3563"], "cvelist": ["CVE-2009-4029"], "lastseen": "2017-12-15T11:57:59", "viewCount": 0, "enchantments": {"score": {"value": 5.2, "vector": "NONE", "modified": "2017-12-15T11:57:59", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-4029", "CVE-2010-3563"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0321"]}, {"type": "redhat", "idList": ["RHSA-2010:0321"]}, {"type": "fedora", "idList": ["FEDORA:AA482112650", "FEDORA:936C71125FD", "FEDORA:B52BE111493", "FEDORA:06EBE10F8FF", "FEDORA:91DDD11146F", "FEDORA:3FE1D112563", "FEDORA:7AA8C10F862", "FEDORA:6424F112640", "FEDORA:43EA8112623", "FEDORA:6494D1128D7"]}, {"type": "openvas", "idList": ["OPENVAS:861752", "OPENVAS:1361412562310861612", "OPENVAS:861761", "OPENVAS:1361412562310861748", "OPENVAS:861612", "OPENVAS:861750", "OPENVAS:861705", "OPENVAS:1361412562310861761", "OPENVAS:1361412562310861751", "OPENVAS:1361412562310861705"]}, {"type": "nessus", "idList": ["FEDORA_2010-1148.NASL", "FEDORA_2010-1174.NASL", "REDHAT-RHSA-2010-0321.NASL", "FEDORA_2010-3573.NASL", "SL_20100330_AUTOMAKE_ON_SL5_X.NASL", "FEDORA_2010-1718.NASL", "FEDORA_2010-3520.NASL", "FEDORA_2010-1216.NASL", "FEDORA_2010-3563.NASL", "FEDORA_2010-3569.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201310-15", "GLSA-201412-08"]}], "modified": "2017-12-15T11:57:59", "rev": 2}, "vulnersScore": 5.2}, "pluginID": "861749", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for automake15 FEDORA-2010-3563\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Automake is a tool for automatically generating\n `Makefile.in' files compliant with the GNU Coding Standards.\n\n This package contains Automake 1.5, an older version of Automake.\n You should install it if you need to run automake in a project that\n has not yet been updated to work with newer versions of Automake.\";\n\ntag_affected = \"automake15 on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036413.html\");\n script_id(861749);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-05 12:48:43 +0100 (Fri, 05 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-3563\");\n script_cve_id(\"CVE-2009-4029\");\n script_name(\"Fedora Update for automake15 FEDORA-2010-3563\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of automake15\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"automake15\", rpm:\"automake15~1.5~29.fc12.1\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2021-02-02T05:40:07", "description": "The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.", "edition": 4, "cvss3": {}, "published": "2009-12-20T02:30:00", "title": "CVE-2009-4029", "type": "cve", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4029"], "modified": "2018-10-10T19:48:00", "cpe": ["cpe:/a:gnu:automake:1.11.1", "cpe:/a:gnu:automake:branch", "cpe:/a:gnu:automake:1.10.3"], "id": "CVE-2009-4029", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4029", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:automake:branch:1-9:*:*:*:*:*:*", "cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*"]}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:33", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029"], "description": "[1.9.6-2.3]\n- increase delay in self checks\n- add delays in aclocal7 self check\n http://osdir.com/ml/sysutils.automake.bugs/2006-09/msg00012.html\n- preserve timestamps of configure files\n[1.9.6-2.2]\n- add fix for CVE-2009-4029", "edition": 4, "modified": "2010-04-05T00:00:00", "published": "2010-04-05T00:00:00", "id": "ELSA-2010-0321", "href": "http://linux.oracle.com/errata/ELSA-2010-0321.html", "title": "automake security update", "type": "oraclelinux", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:30", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029"], "description": "Automake is a tool for automatically generating Makefile.in files compliant\nwith the GNU Coding Standards.\n\nAutomake-generated Makefiles made certain directories world-writable when\npreparing source archives, as was recommended by the GNU Coding Standards.\nIf a malicious, local user could access the directory where a victim was\ncreating distribution archives, they could use this flaw to modify the\nfiles being added to those archives. Makefiles generated by these updated\nautomake packages no longer make distribution directories world-writable,\nas recommended by the updated GNU Coding Standards. (CVE-2009-4029)\n\nNote: This issue affected Makefile targets used by developers to prepare\ndistribution source archives. Those targets are not used when compiling\nprograms from the source code.\n\nAll users of automake, automake14, automake15, automake16, and automake17\nshould upgrade to these updated packages, which resolve this issue.", "modified": "2017-09-08T12:19:52", "published": "2010-03-30T04:00:00", "id": "RHSA-2010:0321", "href": "https://access.redhat.com/errata/RHSA-2010:0321", "type": "redhat", "title": "(RHSA-2010:0321) Low: automake security update", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029"], "description": "Automake is a tool for automatically generating `Makefile.in' files compliant with the GNU Coding Standards. This package contains Automake 1.6, an older version of Automake. You should install it if you need to run automake in a project that has not yet been updated to work with latest version of Automake. ", "modified": "2010-03-04T00:04:17", "published": "2010-03-04T00:04:17", "id": "FEDORA:91DDD11146F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: automake16-1.6.3-18.fc12.1", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029"], "description": "Automake is a tool for automatically generating `Makefile.in' files compliant with the GNU Coding Standards. You should install Automake if you are developing software and would like to use its ability to automatically generate GNU standard Makefiles. If you install Automake, you will also need to install GNU's Autoconf package. ", "modified": "2010-01-02T03:30:29", "published": "2010-01-02T03:30:29", "id": "FEDORA:7AA8C10F862", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: automake-1.11.1-1.fc12", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029"], "description": "Automake is a tool for automatically generating `Makefile.in' files compliant with the GNU Coding Standards. This package contains Automake 1.7, an older version of Automake. You should install it if you need to run automake in a project that has not yet been updated to work with latest version of Automake. ", "modified": "2010-03-04T00:18:49", "published": "2010-03-04T00:18:49", "id": "FEDORA:936C71125FD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: automake17-1.7.9-13.fc11.1", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029"], "description": "Automake is a tool for automatically generating `Makefile.in' files compliant with the GNU Coding Standards. This package contains Automake 1.6, an older version of Automake. You should install it if you need to run automake in a project that has not yet been updated to work with latest version of Automake. ", "modified": "2010-03-04T00:22:02", "published": "2010-03-04T00:22:02", "id": "FEDORA:AA482112650", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: automake16-1.6.3-18.fc11.1", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029"], "description": "Automake is a tool for automatically generating `Makefile.in' files compliant with the GNU Coding Standards. This package contains Automake 1.4, an older version of Automake. You should install it if you need to run automake in a project that has not yet been updated to work with newer versions of Automake. ", "modified": "2010-03-04T00:18:00", "published": "2010-03-04T00:18:00", "id": "FEDORA:3FE1D112563", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: automake14-1.4p6-20.fc12", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029"], "description": "Automake is a tool for automatically generating `Makefile.in' files compliant with the GNU Coding Standards. This package contains Automake 1.7, an older version of Automake. You should install it if you need to run automake in a project that has not yet been updated to work with latest version of Automake. ", "modified": "2010-03-04T00:19:36", "published": "2010-03-04T00:19:36", "id": "FEDORA:6424F112640", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: automake17-1.7.9-13.fc12.1", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029"], "description": "Automake is a tool for automatically generating `Makefile.in' files compliant with the GNU Coding Standards. This package contains Automake 1.4, an older version of Automake. You should install it if you need to run automake in a project that has not yet been updated to work with newer versions of Automake. ", "modified": "2010-03-04T00:23:23", "published": "2010-03-04T00:23:23", "id": "FEDORA:6494D1128D7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: automake14-1.4p6-20.fc11", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029"], "description": "Automake is a tool for automatically generating `Makefile.in' files compliant with the GNU Coding Standards. This package contains Automake 1.5, an older version of Automake. You should install it if you need to run automake in a project that has not yet been updated to work with newer versions of Automake. ", "modified": "2010-03-04T00:19:09", "published": "2010-03-04T00:19:09", "id": "FEDORA:43EA8112623", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: automake15-1.5-29.fc11.1", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029"], "description": "Automake is a tool for automatically generating `Makefile.in' files compliant with the GNU Coding Standards. You should install Automake if you are developing software and would like to use its ability to automatically generate GNU standard Makefiles. If you install Automake, you will also need to install GNU's Autoconf package. ", "modified": "2010-02-01T01:11:29", "published": "2010-02-01T01:11:29", "id": "FEDORA:06EBE10F8FF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: automake-1.11.1-1.fc11.1", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029"], "description": "Automake is a tool for automatically generating `Makefile.in' files compliant with the GNU Coding Standards. This package contains Automake 1.5, an older version of Automake. You should install it if you need to run automake in a project that has not yet been updated to work with newer versions of Automake. ", "modified": "2010-03-04T00:09:56", "published": "2010-03-04T00:09:56", "id": "FEDORA:B52BE111493", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: automake15-1.5-29.fc12.1", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T13:07:36", "description": "Updated automake, automake14, automake15, automake16, and automake17\npackages that fix one security issue are now available for Red Hat\nEnterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nAutomake is a tool for automatically generating Makefile.in files\ncompliant with the GNU Coding Standards.\n\nAutomake-generated Makefiles made certain directories world-writable\nwhen preparing source archives, as was recommended by the GNU Coding\nStandards. If a malicious, local user could access the directory where\na victim was creating distribution archives, they could use this flaw\nto modify the files being added to those archives. Makefiles generated\nby these updated automake packages no longer make distribution\ndirectories world-writable, as recommended by the updated GNU Coding\nStandards. (CVE-2009-4029)\n\nNote: This issue affected Makefile targets used by developers to\nprepare distribution source archives. Those targets are not used when\ncompiling programs from the source code.\n\nAll users of automake, automake14, automake15, automake16, and\nautomake17 should upgrade to these updated packages, which resolve\nthis issue.", "edition": 27, "published": "2010-05-11T00:00:00", "title": "RHEL 5 : automake (RHSA-2010:0321)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "modified": "2010-05-11T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:automake16", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:automake14", "p-cpe:/a:redhat:enterprise_linux:automake17", "p-cpe:/a:redhat:enterprise_linux:automake15", "p-cpe:/a:redhat:enterprise_linux:automake"], "id": "REDHAT-RHSA-2010-0321.NASL", "href": "https://www.tenable.com/plugins/nessus/46289", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0321. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46289);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4029\");\n script_bugtraq_id(37378);\n script_xref(name:\"RHSA\", value:\"2010:0321\");\n\n script_name(english:\"RHEL 5 : automake (RHSA-2010:0321)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated automake, automake14, automake15, automake16, and automake17\npackages that fix one security issue are now available for Red Hat\nEnterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nAutomake is a tool for automatically generating Makefile.in files\ncompliant with the GNU Coding Standards.\n\nAutomake-generated Makefiles made certain directories world-writable\nwhen preparing source archives, as was recommended by the GNU Coding\nStandards. If a malicious, local user could access the directory where\na victim was creating distribution archives, they could use this flaw\nto modify the files being added to those archives. Makefiles generated\nby these updated automake packages no longer make distribution\ndirectories world-writable, as recommended by the updated GNU Coding\nStandards. (CVE-2009-4029)\n\nNote: This issue affected Makefile targets used by developers to\nprepare distribution source archives. Those targets are not used when\ncompiling programs from the source code.\n\nAll users of automake, automake14, automake15, automake16, and\nautomake17 should upgrade to these updated packages, which resolve\nthis issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.gnu.org/prep/standards/html_node/Releases.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0321\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:automake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:automake14\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:automake15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:automake16\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:automake17\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0321\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"automake-1.9.6-2.3.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"automake14-1.4p6-13.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"automake15-1.5-16.el5.2\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"automake16-1.6.3-8.el5.1\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"automake17-1.7.9-7.el5.2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"automake / automake14 / automake15 / automake16 / automake17\");\n }\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:39", "description": " - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com>\n 1.7.9-13.1\n\n - fix CVE-2009-4029\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-07-01T00:00:00", "title": "Fedora 12 : automake17-1.7.9-13.fc12.1 (2010-3573)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:automake17", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-3573.NASL", "href": "https://www.tenable.com/plugins/nessus/47319", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-3573.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47319);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4029\");\n script_xref(name:\"FEDORA\", value:\"2010-3573\");\n\n script_name(english:\"Fedora 12 : automake17-1.7.9-13.fc12.1 (2010-3573)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com>\n 1.7.9-13.1\n\n - fix CVE-2009-4029\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=542609\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/036428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1965627c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected automake17 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:automake17\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"automake17-1.7.9-13.fc12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"automake17\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:52:50", "description": "A vulnerability was discovered and corrected in automake :\n\nThe (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3,\nand release branches branch-1-4 through branch-1-9, when producing a\ndistribution tarball for a package that uses Automake, assign insecure\npermissions (777) to directories in the build tree, which introduces a\nrace condition that allows local users to modify the contents of\npackage files, introduce Trojan horse programs, or conduct other\nattacks before the build is complete (CVE-2009-4029).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct this issue.", "edition": 25, "published": "2010-10-14T00:00:00", "title": "Mandriva Linux Security Advisory : automake (MDVSA-2010:203)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "modified": "2010-10-14T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2009.0", "p-cpe:/a:mandriva:linux:automake1.7", "cpe:/o:mandriva:linux:2009.1", "cpe:/o:mandriva:linux:2010.1", "p-cpe:/a:mandriva:linux:automake", "cpe:/o:mandriva:linux:2010.0", "p-cpe:/a:mandriva:linux:automake1.4"], "id": "MANDRIVA_MDVSA-2010-203.NASL", "href": "https://www.tenable.com/plugins/nessus/49973", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2010:203. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49973);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-4029\");\n script_bugtraq_id(37378);\n script_xref(name:\"MDVSA\", value:\"2010:203\");\n\n script_name(english:\"Mandriva Linux Security Advisory : automake (MDVSA-2010:203)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in automake :\n\nThe (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3,\nand release branches branch-1-4 through branch-1-9, when producing a\ndistribution tarball for a package that uses Automake, assign insecure\npermissions (777) to directories in the build tree, which introduces a\nrace condition that allows local users to modify the contents of\npackage files, introduce Trojan horse programs, or conduct other\nattacks before the build is complete (CVE-2009-4029).\n\nPackages for 2009.0 are provided as of the Extended Maintenance\nProgram. Please visit this link to learn more:\nhttp://store.mandriva.com/product_info.php?cPath=149&products_id=4\n90\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected automake, automake1.4 and / or automake1.7\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:automake\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:automake1.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:automake1.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"automake-1.10.1-2.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"automake1.4-1.4.0.p6-4.1mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"automake1.7-1.7.9-7.1mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"automake-1.10.2-2.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"automake1.4-1.4.0.p6-4.1mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"automake1.7-1.7.9-8.1mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"automake-1.11-2.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"automake1.4-1.4.0.p6-5.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"automake1.7-1.7.9-9.1mdv2010.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.1\", reference:\"automake1.4-1.4.0.p6-6.1mdv2010.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.1\", reference:\"automake1.7-1.7.9-10.1mdv2010.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:39", "description": " - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com>\n 1.6.3-18.1\n\n - fix CVE-2009-4029\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-07-01T00:00:00", "title": "Fedora 12 : automake16-1.6.3-18.fc12.1 (2010-3520)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:automake16", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-3520.NASL", "href": "https://www.tenable.com/plugins/nessus/47315", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-3520.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47315);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4029\");\n script_xref(name:\"FEDORA\", value:\"2010-3520\");\n\n script_name(english:\"Fedora 12 : automake16-1.6.3-18.fc12.1 (2010-3520)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com>\n 1.6.3-18.1\n\n - fix CVE-2009-4029\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=542609\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/036347.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1f471ed\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected automake16 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:automake16\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"automake16-1.6.3-18.fc12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"automake16\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:54", "description": " - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com>\n 1.5-29.1\n\n - update CVE-2009-4029 patch\n\n - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com>\n 1.5-29\n\n - add disttag\n\n - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com>\n 1.5-28\n\n - add fix for CVE-2009-4029\n\n - add buildrequirement flex\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.5-27\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : automake15-1.5-29.fc11.1 (2010-1174)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:automake15", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-1174.NASL", "href": "https://www.tenable.com/plugins/nessus/47238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1174.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47238);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4029\");\n script_xref(name:\"FEDORA\", value:\"2010-1174\");\n\n script_name(english:\"Fedora 11 : automake15-1.5-29.fc11.1 (2010-1174)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com>\n 1.5-29.1\n\n - update CVE-2009-4029 patch\n\n - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com>\n 1.5-29\n\n - add disttag\n\n - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com>\n 1.5-28\n\n - add fix for CVE-2009-4029\n\n - add buildrequirement flex\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.5-27\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=542609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/036426.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?af12b8f8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected automake15 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:automake15\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"automake15-1.5-29.fc11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"automake15\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:54", "description": " - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com>\n 1.6.3-18.1\n\n - fix CVE-2009-4029\n\n - Fri Jul 31 2009 Karsten Hopp <karsten at redhat.com>\n 1.6.3-18\n\n - rebuild\n\n - Thu Jul 30 2009 Karsten Hopp <karsten at redhat.com>\n 1.6.3-17\n\n - fix build problem\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.6.3-16\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : automake16-1.6.3-18.fc11.1 (2010-1148)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:automake16", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-1148.NASL", "href": "https://www.tenable.com/plugins/nessus/47235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1148.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47235);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4029\");\n script_xref(name:\"FEDORA\", value:\"2010-1148\");\n\n script_name(english:\"Fedora 11 : automake16-1.6.3-18.fc11.1 (2010-1148)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com>\n 1.6.3-18.1\n\n - fix CVE-2009-4029\n\n - Fri Jul 31 2009 Karsten Hopp <karsten at redhat.com>\n 1.6.3-18\n\n - rebuild\n\n - Thu Jul 30 2009 Karsten Hopp <karsten at redhat.com>\n 1.6.3-17\n\n - fix build problem\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.6.3-16\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=542609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/036439.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7b2c0bd6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected automake16 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:automake16\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"automake16-1.6.3-18.fc11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"automake16\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:39", "description": " - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com>\n 1.7.9-13.1\n\n - fix CVE-2009-4029\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.7.9-13\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : automake17-1.7.9-13.fc11.1 (2010-3569)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:automake17", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-3569.NASL", "href": "https://www.tenable.com/plugins/nessus/47318", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-3569.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47318);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4029\");\n script_xref(name:\"FEDORA\", value:\"2010-3569\");\n\n script_name(english:\"Fedora 11 : automake17-1.7.9-13.fc11.1 (2010-3569)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com>\n 1.7.9-13.1\n\n - fix CVE-2009-4029\n\n - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.7.9-13\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=542609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/036423.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fdfc617b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected automake17 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:automake17\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"automake17-1.7.9-13.fc11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"automake17\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:44:43", "description": "Automake-generated Makefiles made certain directories world-writable\nwhen preparing source archives, as was recommended by the GNU Coding\nStandards. If a malicious, local user could access the directory where\na victim was creating distribution archives, they could use this flaw\nto modify the files being added to those archives. Makefiles generated\nby these updated automake packages no longer make distribution\ndirectories world-writable, as recommended by the updated GNU Coding\nStandards. (CVE-2009-4029)\n\nNote: This issue affected Makefile targets used by developers to\nprepare distribution source archives. Those targets are not used when\ncompiling programs from the source code.", "edition": 24, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : automake on SL5.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20100330_AUTOMAKE_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60761);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-4029\");\n\n script_name(english:\"Scientific Linux Security Update : automake on SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Automake-generated Makefiles made certain directories world-writable\nwhen preparing source archives, as was recommended by the GNU Coding\nStandards. If a malicious, local user could access the directory where\na victim was creating distribution archives, they could use this flaw\nto modify the files being added to those archives. Makefiles generated\nby these updated automake packages no longer make distribution\ndirectories world-writable, as recommended by the updated GNU Coding\nStandards. (CVE-2009-4029)\n\nNote: This issue affected Makefile targets used by developers to\nprepare distribution source archives. Those targets are not used when\ncompiling programs from the source code.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1004&L=scientific-linux-errata&T=0&P=2162\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4589f4ce\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"automake-1.9.6-2.3.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"automake14-1.4p6-13.el5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"automake15-1.5-16.el5.2\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"automake16-1.6.3-8.el5.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"automake17-1.7.9-7.el5.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:54", "description": "Fixes CVE-2009-4029\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : automake-1.11.1-1.fc11.1 (2010-1216)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:automake", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-1216.NASL", "href": "https://www.tenable.com/plugins/nessus/47240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-1216.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47240);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4029\");\n script_bugtraq_id(37378);\n script_xref(name:\"FEDORA\", value:\"2010-1216\");\n\n script_name(english:\"Fedora 11 : automake-1.11.1-1.fc11.1 (2010-1216)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2009-4029\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=542609\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/034542.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26430f7e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected automake package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:automake\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"automake-1.11.1-1.fc11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"automake\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:03", "description": " - Wed Dec 9 2009 Karsten Hopp <karsten at redhat.com>\n 1.11.1-1\n\n - update to version 1.11.1 to fix CVE-2009-4029\n\n - Tue Dec 1 2009 Karsten Hopp <karsten at redhat.com>\n 1.11-6\n\n - preserve time stamps of man pages (#225302)\n\n - drop MIT from list of licenses\n\n - Wed Nov 4 2009 Stepan Kasal <skasal at redhat.com> -\n 1.11-5\n\n - add even more testsuite build requires\n\n - Wed Nov 4 2009 Stepan Kasal <skasal at redhat.com> -\n 1.11-4\n\n - add build requires for testsuite\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-02-25T00:00:00", "title": "Fedora 12 : automake-1.11.1-1.fc12 (2009-13157)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "modified": "2010-02-25T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:automake"], "id": "FEDORA_2009-13157.NASL", "href": "https://www.tenable.com/plugins/nessus/44879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-13157.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44879);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-4029\");\n script_bugtraq_id(37378);\n script_xref(name:\"FEDORA\", value:\"2009-13157\");\n\n script_name(english:\"Fedora 12 : automake-1.11.1-1.fc12 (2009-13157)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Dec 9 2009 Karsten Hopp <karsten at redhat.com>\n 1.11.1-1\n\n - update to version 1.11.1 to fix CVE-2009-4029\n\n - Tue Dec 1 2009 Karsten Hopp <karsten at redhat.com>\n 1.11-6\n\n - preserve time stamps of man pages (#225302)\n\n - drop MIT from list of licenses\n\n - Wed Nov 4 2009 Stepan Kasal <skasal at redhat.com> -\n 1.11-5\n\n - add even more testsuite build requires\n\n - Wed Nov 4 2009 Stepan Kasal <skasal at redhat.com> -\n 1.11-4\n\n - add build requires for testsuite\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=542609\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033335.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e0fc07f0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected automake package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:automake\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"automake-1.11.1-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"automake\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-12-21T11:32:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "description": "Check for the Version of automake17", "modified": "2017-12-20T00:00:00", "published": "2010-03-05T00:00:00", "id": "OPENVAS:861761", "href": "http://plugins.openvas.org/nasl.php?oid=861761", "type": "openvas", "title": "Fedora Update for automake17 FEDORA-2010-3569", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for automake17 FEDORA-2010-3569\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Automake is a tool for automatically generating\n `Makefile.in' files compliant with the GNU Coding Standards.\n\n This package contains Automake 1.7, an older version of Automake.\n You should install it if you need to run automake in a project that\n has not yet been updated to work with latest version of Automake.\";\n\ntag_affected = \"automake17 on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036423.html\");\n script_id(861761);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-05 12:48:43 +0100 (Fri, 05 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-3569\");\n script_cve_id(\"CVE-2009-4029\");\n script_name(\"Fedora Update for automake17 FEDORA-2010-3569\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of automake17\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"automake17\", rpm:\"automake17~1.7.9~13.fc11.1\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "description": "Check for the Version of automake16", "modified": "2017-12-14T00:00:00", "published": "2010-03-05T00:00:00", "id": "OPENVAS:861748", "href": "http://plugins.openvas.org/nasl.php?oid=861748", "type": "openvas", "title": "Fedora Update for automake16 FEDORA-2010-1148", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for automake16 FEDORA-2010-1148\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Automake is a tool for automatically generating\n `Makefile.in' files compliant with the GNU Coding Standards.\n\n This package contains Automake 1.6, an older version of Automake.\n You should install it if you need to run automake in a project that\n has not yet been updated to work with latest version of Automake.\";\n\ntag_affected = \"automake16 on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036439.html\");\n script_id(861748);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-05 12:48:43 +0100 (Fri, 05 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1148\");\n script_cve_id(\"CVE-2009-4029\");\n script_name(\"Fedora Update for automake16 FEDORA-2010-1148\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of automake16\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"automake16\", rpm:\"automake16~1.6.3~18.fc11.1\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-06T13:04:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "description": "Check for the Version of automake", "modified": "2018-01-04T00:00:00", "published": "2010-03-02T00:00:00", "id": "OPENVAS:1361412562310861705", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861705", "type": "openvas", "title": "Fedora Update for automake FEDORA-2010-1216", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for automake FEDORA-2010-1216\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Automake is a tool for automatically generating `Makefile.in'\n files compliant with the GNU Coding Standards.\n\n You should install Automake if you are developing software and would\n like to use its ability to automatically generate GNU standard\n Makefiles. If you install Automake, you will also need to install\n GNU's Autoconf package.\";\n\ntag_affected = \"automake on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034542.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861705\");\n script_version(\"$Revision: 8287 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 08:28:11 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1216\");\n script_cve_id(\"CVE-2009-4029\");\n script_name(\"Fedora Update for automake FEDORA-2010-1216\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of automake\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"automake\", rpm:\"automake~1.11.1~1.fc11.1\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:04:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "description": "Check for the Version of automake17", "modified": "2018-01-17T00:00:00", "published": "2010-03-05T00:00:00", "id": "OPENVAS:1361412562310861761", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861761", "type": "openvas", "title": "Fedora Update for automake17 FEDORA-2010-3569", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for automake17 FEDORA-2010-3569\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Automake is a tool for automatically generating\n `Makefile.in' files compliant with the GNU Coding Standards.\n\n This package contains Automake 1.7, an older version of Automake.\n You should install it if you need to run automake in a project that\n has not yet been updated to work with latest version of Automake.\";\n\ntag_affected = \"automake17 on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036423.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861761\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-05 12:48:43 +0100 (Fri, 05 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-3569\");\n script_cve_id(\"CVE-2009-4029\");\n script_name(\"Fedora Update for automake17 FEDORA-2010-3569\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of automake17\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"automake17\", rpm:\"automake17~1.7.9~13.fc11.1\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-15T11:57:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "description": "Check for the Version of automake16", "modified": "2017-12-15T00:00:00", "published": "2010-03-05T00:00:00", "id": "OPENVAS:861755", "href": "http://plugins.openvas.org/nasl.php?oid=861755", "type": "openvas", "title": "Fedora Update for automake16 FEDORA-2010-3520", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for automake16 FEDORA-2010-3520\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Automake is a tool for automatically generating\n `Makefile.in' files compliant with the GNU Coding Standards.\n\n This package contains Automake 1.6, an older version of Automake.\n You should install it if you need to run automake in a project that\n has not yet been updated to work with latest version of Automake.\";\n\ntag_affected = \"automake16 on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036347.html\");\n script_id(861755);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-05 12:48:43 +0100 (Fri, 05 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-3520\");\n script_cve_id(\"CVE-2009-4029\");\n script_name(\"Fedora Update for automake16 FEDORA-2010-3520\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of automake16\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"automake16\", rpm:\"automake16~1.6.3~18.fc12.1\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-03T10:54:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "description": "Check for the Version of automake16", "modified": "2018-01-02T00:00:00", "published": "2010-03-05T00:00:00", "id": "OPENVAS:1361412562310861755", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861755", "type": "openvas", "title": "Fedora Update for automake16 FEDORA-2010-3520", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for automake16 FEDORA-2010-3520\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Automake is a tool for automatically generating\n `Makefile.in' files compliant with the GNU Coding Standards.\n\n This package contains Automake 1.6, an older version of Automake.\n You should install it if you need to run automake in a project that\n has not yet been updated to work with latest version of Automake.\";\n\ntag_affected = \"automake16 on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036347.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861755\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-05 12:48:43 +0100 (Fri, 05 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-3520\");\n script_cve_id(\"CVE-2009-4029\");\n script_name(\"Fedora Update for automake16 FEDORA-2010-3520\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of automake16\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"automake16\", rpm:\"automake16~1.6.3~18.fc12.1\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:49:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "description": "Check for the Version of automake", "modified": "2017-12-13T00:00:00", "published": "2010-01-15T00:00:00", "id": "OPENVAS:861612", "href": "http://plugins.openvas.org/nasl.php?oid=861612", "type": "openvas", "title": "Fedora Update for automake FEDORA-2009-13157", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for automake FEDORA-2009-13157\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Automake is a tool for automatically generating `Makefile.in'\n files compliant with the GNU Coding Standards.\n\n You should install Automake if you are developing software and would\n like to use its ability to automatically generate GNU standard\n Makefiles. If you install Automake, you will also need to install\n GNU's Autoconf package.\";\n\ntag_affected = \"automake on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00012.html\");\n script_id(861612);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2009-13157\");\n script_cve_id(\"CVE-2009-4029\");\n script_name(\"Fedora Update for automake FEDORA-2009-13157\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of automake\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"automake\", rpm:\"automake~1.11.1~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-15T11:57:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "description": "Check for the Version of automake", "modified": "2017-12-15T00:00:00", "published": "2010-03-02T00:00:00", "id": "OPENVAS:861705", "href": "http://plugins.openvas.org/nasl.php?oid=861705", "type": "openvas", "title": "Fedora Update for automake FEDORA-2010-1216", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for automake FEDORA-2010-1216\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Automake is a tool for automatically generating `Makefile.in'\n files compliant with the GNU Coding Standards.\n\n You should install Automake if you are developing software and would\n like to use its ability to automatically generate GNU standard\n Makefiles. If you install Automake, you will also need to install\n GNU's Autoconf package.\";\n\ntag_affected = \"automake on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034542.html\");\n script_id(861705);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-02 08:38:02 +0100 (Tue, 02 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-1216\");\n script_cve_id(\"CVE-2009-4029\");\n script_name(\"Fedora Update for automake FEDORA-2010-1216\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of automake\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"automake\", rpm:\"automake~1.11.1~1.fc11.1\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "description": "Oracle Linux Local Security Checks ELSA-2010-0321", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122372", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122372", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0321", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0321.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122372\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:42 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0321\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0321 - automake security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0321\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0321.html\");\n script_cve_id(\"CVE-2009-4029\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"automake\", rpm:\"automake~1.9.6~2.3.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"automake14\", rpm:\"automake14~1.4p6~13.el5.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"automake15\", rpm:\"automake15~1.5~16.el5.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"automake16\", rpm:\"automake16~1.6.3~8.el5.1\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"automake17\", rpm:\"automake17~1.7.9~7.el5.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-22T13:05:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4029"], "description": "Check for the Version of automake", "modified": "2018-01-22T00:00:00", "published": "2010-04-06T00:00:00", "id": "OPENVAS:1361412562310870245", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870245", "type": "openvas", "title": "RedHat Update for automake RHSA-2010:0321-04", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for automake RHSA-2010:0321-04\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Automake is a tool for automatically generating Makefile.in files compliant\n with the GNU Coding Standards.\n\n Automake-generated Makefiles made certain directories world-writable when\n preparing source archives, as was recommended by the GNU Coding Standards.\n If a malicious, local user could access the directory where a victim was\n creating distribution archives, they could use this flaw to modify the\n files being added to those archives. Makefiles generated by these updated\n automake packages no longer make distribution directories world-writable,\n as recommended by the updated GNU Coding Standards. (CVE-2009-4029)\n \n Note: This issue affected Makefile targets used by developers to prepare\n distribution source archives. Those targets are not used when compiling\n programs from the source code.\n \n All users of automake, automake14, automake15, automake16, and automake17\n should upgrade to these updated packages, which resolve this issue.\";\n\ntag_affected = \"automake on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-March/msg00038.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870245\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-06 08:56:44 +0200 (Tue, 06 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0321-04\");\n script_cve_id(\"CVE-2009-4029\");\n script_name(\"RedHat Update for automake RHSA-2010:0321-04\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of automake\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"automake\", rpm:\"automake~1.9.6~2.3.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"automake14\", rpm:\"automake14~1.4p6~13.el5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"automake15\", rpm:\"automake15~1.5~16.el5.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"automake16\", rpm:\"automake16~1.6.3~8.el5.1\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"automake17\", rpm:\"automake17~1.7.9~7.el5.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:45:59", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4029", "CVE-2012-3386"], "description": "### Background\n\nGNU Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. \n\n### Description\n\nMultiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA local attacker could execute arbitrary commands with the privileges of the user running an Automake-based build. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Automake users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/automake-1.11.6\"", "edition": 1, "modified": "2013-10-25T00:00:00", "published": "2013-10-25T00:00:00", "id": "GLSA-201310-15", "href": "https://security.gentoo.org/glsa/201310-15", "type": "gentoo", "title": "GNU Automake: Multiple vulnerabilities", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:16", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2060", "CVE-2009-4411", "CVE-2008-0553", "CVE-2009-0946", "CVE-2010-1511", "CVE-2009-0361", "CVE-2008-6218", "CVE-2008-5907", "CVE-2010-0436", "CVE-2010-1205", "CVE-2007-2741", "CVE-2010-0829", "CVE-2009-4896", "CVE-2010-2945", "CVE-2010-2809", "CVE-2009-0040", "CVE-2010-2192", "CVE-2010-2056", "CVE-2009-2042", "CVE-2010-0001", "CVE-2008-6661", "CVE-2010-2529", "CVE-2009-4029", "CVE-2006-3005", "CVE-2010-2251", "CVE-2009-0360", "CVE-2010-0732", "CVE-2008-1382", "CVE-2009-3736", "CVE-2010-1000", "CVE-2009-2624"], "description": "### Background\n\nFor more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. \n\n### Description\n\nVulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. \n\n * Insight\n * Perl Tk Module\n * Source-Navigator\n * Tk\n * Partimage\n * Mlmmj\n * acl\n * Xinit\n * gzip\n * ncompress\n * liblzw\n * splashutils\n * GNU M4\n * KDE Display Manager\n * GTK+\n * KGet\n * dvipng\n * Beanstalk\n * Policy Mount\n * pam_krb5\n * GNU gv\n * LFTP\n * Uzbl\n * Slim\n * Bitdefender Console\n * iputils\n * DVBStreamer\n\n### Impact\n\nA context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. \n\n### Workaround\n\nThere are no known workarounds at this time.\n\n### Resolution\n\nAll Insight users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/insight-6.7.1-r1\"\n \n\nAll Perl Tk Module users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-perl/perl-tk-804.028-r2\"\n \n\nAll Source-Navigator users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-util/sourcenav-5.1.4\"\n \n\nAll Tk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-lang/tk-8.4.18-r1\"\n \n\nAll Partimage users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-block/partimage-0.6.8\"\n \n\nAll Mlmmj users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-mail/mlmmj-1.2.17.1\"\n \n\nAll acl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/acl-2.2.49\"\n \n\nAll Xinit users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-apps/xinit-1.2.0-r4\"\n \n\nAll gzip users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/gzip-1.4\"\n \n\nAll ncompress users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/ncompress-4.2.4.3\"\n \n\nAll liblzw users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/liblzw-0.2\"\n \n\nAll splashutils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-gfx/splashutils-1.5.4.3-r3\"\n \n\nAll GNU M4 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/m4-1.4.14-r1\"\n \n\nAll KDE Display Manager users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kdm-4.3.5-r1\"\n \n\nAll GTK+ users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-libs/gtk+-2.18.7\"\n \n\nAll KGet 4.3 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=kde-base/kget-4.3.5-r1\"\n \n\nAll dvipng users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/dvipng-1.13\"\n \n\nAll Beanstalk users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-misc/beanstalkd-1.4.6\"\n \n\nAll Policy Mount users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-apps/pmount-0.9.23\"\n \n\nAll pam_krb5 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-auth/pam_krb5-4.3\"\n \n\nAll GNU gv users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/gv-3.7.1\"\n \n\nAll LFTP users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-ftp/lftp-4.0.6\"\n \n\nAll Uzbl users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-client/uzbl-2010.08.05\"\n \n\nAll Slim users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=x11-misc/slim-1.3.2\"\n \n\nAll iputils users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/iputils-20100418\"\n \n\nAll DVBStreamer users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-tv/dvbstreamer-1.1-r1\"\n \n\nGentoo has discontinued support for Bitdefender Console. We recommend that users unmerge Bitdefender Console: \n \n \n # emerge --unmerge \"app-antivirus/bitdefender-console\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2011. It is likely that your system is already no longer affected by these issues.", "edition": 1, "modified": "2014-12-11T00:00:00", "published": "2014-12-11T00:00:00", "id": "GLSA-201412-08", "href": "https://security.gentoo.org/glsa/201412-08", "type": "gentoo", "title": "Multiple packages, Multiple vulnerabilities fixed in 2010", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
