Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv2

CVE-2009-4029

Published: 20/12/2009 Updated: 10/10/2018
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Automake

Vulnerability Summary

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

Vulnerable Product Search on Vulmon Subscribe to Product

gnu automake 1.11.1

gnu automake branch

gnu automake 1.10.3

Vendor Advisories

Red Hat: Low: automake security update
Synopsis Low: automake security update Type/Severity Security Advisory: Low Topic Updated automake, automake14, automake15, automake16, and automake17packages that fix one security issue are now available for Red HatEnterprise Linux 5The Red Hat Security Response Team has rated this update as having lowsec ...

References

CWE-362http://lists.gnu.org/archive/html/automake/2009-12/msg00011.htmlhttp://lists.gnu.org/archive/html/automake/2009-12/msg00013.htmlhttp://lists.gnu.org/archive/html/automake/2009-12/msg00012.htmlhttp://lists.gnu.org/archive/html/automake/2009-12/msg00010.htmlhttp://savannah.gnu.org/forum/forum.php?forum_id=6077http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.htmlhttp://www.vupen.com/english/advisories/2009/3579http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1http://www.mandriva.com/security/advisories?name=MDVSA-2010:203http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717http://www.securityfocus.com/archive/1/514526/100/0/threadedhttps://access.redhat.com/errata/RHSA-2010:0321https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook