CVE-2012-3386

CVE-2012-3386 affects GNU Automake before 1.11.6 and 1.12.x before 1.12.2. The make distcheck rule can grant world-writable permissions to the extraction directory, creating a race condition that could allow a local user to execute arbitrary code via unspecified vectors. Affected vendors/distribu...

CVE-2009-4029

CVE-2009-4029 affects GNU Automake 1.11.1, 1.10.3 and release branches branch-1-4 through branch-1-9. The vulnerability arises when producing a distribution tarball: the dist or distcheck rules assign insecure permissions (777) to directories in the build tree, creating a race that allows local u...