4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and
release branches branch-1-4 through branch-1-9, when producing a
distribution tarball for a package that uses Automake, assign insecure
permissions (777) to directories in the build tree, which introduces a race
condition that allows local users to modify the contents of package files,
introduce Trojan horse programs, or conduct other attacks before the build
is complete.