4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
automake is vulnerable to arbitrary code execution attacks. The vulnerability exists as the “make distcheck” rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
CPE | Name | Operator | Version |
---|---|---|---|
automake | eq | 1.9.6__2.3.el5 | |
automake | eq | 1.11.1__1.2.el6 | |
automake | eq | 1.9.6__2.3.el5 | |
automake | eq | 1.11.1__1.2.el6 |
git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76
lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html
lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html
lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html
lists.opensuse.org/opensuse-updates/2012-11/msg00038.html
rhn.redhat.com/errata/RHSA-2013-0526.html
www.mandriva.com/security/advisories?name=MDVSA-2012:103
access.redhat.com/errata/RHSA-2013:0526
access.redhat.com/errata/RHSA-2014:1243
access.redhat.com/security/cve/CVE-2012-3386
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=838286
lists.gnu.org/archive/html/automake/2012-07/msg00021.html
lists.gnu.org/archive/html/automake/2012-07/msg00022.html
lists.gnu.org/archive/html/automake/2012-07/msg00023.html
rhn.redhat.com/errata/RHSA-2013-0526.html