MiracleLinux 4 : automake-1.11.1-4.AXS4 (AXSA:2013-199:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-199:01 advisory. Automake is a tool for automatically generating Makefile.in' files compliant with the GNU Coding Standards. You should install Automake if you are developing...

EUVD-2009-4105

Malware in sbrugna...

SUSE CVE-2009-4135

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp...

SUSE CVE-2012-3386

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors...

Arbitrary Code Execution

automake is vulnerable to arbitrary code execution attacks. The vulnerability exists as the "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to...

Oracle: Security Advisory (ELSA-2014-1243)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2473-1 coreutils vulnerabilities

It was discovered that the distcheck rule in dist-check.mk in GNU coreutils allows local users to gain privileges via a symlink attack on a directory tree under /tmp. This issue only affected Ubuntu 10.04 LTS. CVE-2009-4135 Bertrand Jacquin and Fiedler Roman discovered date and touch incorrectly...

automake: locally exploitable "make distcheck" bug

It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck"...

automake security update

CentOS Errata and Security Advisory CESA-2013:0526 An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base...

automake: locally exploitable "make distcheck" bug

It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck"...

FreeBSD : automake -- Insecure 'distcheck' recipe granted world-writable distdir (36235c38-e0a8-11e1-9f4d-002354ed89bc)

GNU reports : The recipe of the 'distcheck' target granted temporary world-write permissions on the extracted distdir. This introduced a locally exploitable race condition for those who run 'make distcheck' with a non-restrictive umask e.g., 022 in a directory that was accessible by others. A...

DEBIAN-CVE-2012-3386

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors...

Race condition

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors...

FreeBSD : automake -- Insecure 'distcheck' recipe granted world-writable distdir (10f38033-e006-11e1-9304-000000000000)

GNU reports : The recipe of the 'distcheck' target granted temporary world-write permissions on the extracted distdir. This introduced a locally exploitable race condition for those who run 'make distcheck' with a non-restrictive umask e.g., 022 in a directory that was accessible by others. A...

automake -- Insecure 'distcheck' recipe granted world-writable distdir

GNU reports: The recipe of the 'distcheck' target granted temporary world-write permissions on the extracted distdir. This introduced a locally exploitable race condition for those who run "make distcheck" with a non-restrictive umask e.g., 022 in a directory that was accessible by others. A...

CVE-2009-4135

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp...

CVE-2009-4135

CVE-2009-4135 affects GNU Coreutils (versions 5.2.1–8.1). The issue lies in the distcheck rule in dist-check.mk, enabling a local user to gain privileges via a symbolic-link attack to a file under /tmp. Multiple advisories confirm an insecure temporary file handling as the root cause; several fee...

PT-2009-6308 · Gnu +1 · Gnu Coreutils +1

Name of the Vulnerable Software and Affected Versions: GNU coreutils versions 5.2.1 through 8.1 Description: The issue allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp. This is related to the distcheck rule in dist-check.mk. Recommendations: For...