Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2010:203 | First vendor Publication | 2010-10-13 |
Vendor | Mandriva | Last vendor Modification | 2010-10-13 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.4 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability was discovered and corrected in automake: The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete (CVE-2009-4029). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:203 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-362 | Race Condition |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11717 | |||
Oval ID: | oval:org.mitre.oval:def:11717 | ||
Title: | The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. | ||
Description: | The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-4029 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22010 | |||
Oval ID: | oval:org.mitre.oval:def:22010 | ||
Title: | RHSA-2010:0321: automake security update (Low) | ||
Description: | The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0321-04 CVE-2009-4029 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | automake automake14 automake15 automake16 automake17 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22739 | |||
Oval ID: | oval:org.mitre.oval:def:22739 | ||
Title: | ELSA-2010:0321: automake security update (Low) | ||
Description: | The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0321-04 CVE-2009-4029 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | automake automake14 automake15 automake16 automake17 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25255 | |||
Oval ID: | oval:org.mitre.oval:def:25255 | ||
Title: | SUSE-SU-2013:1329-1 -- Security update for automake | ||
Description: | This update of automake fixes a race condition in "distcheck". (CVE-2012-3386) Also a bug where world writeable tarballs were generated during "make dist" has been fixed (CVE-2009-4029). | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1329-1 CVE-2012-3386 CVE-2009-4029 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 | Product(s): | automake |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27954 | |||
Oval ID: | oval:org.mitre.oval:def:27954 | ||
Title: | DEPRECATED: ELSA-2010-0321 -- automake security update (low) | ||
Description: | [1.9.6-2.3] - increase delay in self checks - add delays in aclocal7 self check http://osdir.com/ml/sysutils.automake.bugs/2006-09/msg00012.html - preserve timestamps of configure files [1.9.6-2.2] - add fix for CVE-2009-4029 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0321 CVE-2009-4029 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | automake automake14 automake15 automake16 automake17 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2010-10-19 | Name : Mandriva Update for automake MDVSA-2010:203 (automake) File : nvt/gb_mandriva_MDVSA_2010_203.nasl |
2010-04-06 | Name : RedHat Update for automake RHSA-2010:0321-04 File : nvt/gb_RHSA-2010_0321-04_automake.nasl |
2010-03-05 | Name : Fedora Update for automake16 FEDORA-2010-1148 File : nvt/gb_fedora_2010_1148_automake16_fc11.nasl |
2010-03-05 | Name : Fedora Update for automake15 FEDORA-2010-1174 File : nvt/gb_fedora_2010_1174_automake15_fc11.nasl |
2010-03-05 | Name : Fedora Update for automake14 FEDORA-2010-1718 File : nvt/gb_fedora_2010_1718_automake14_fc12.nasl |
2010-03-05 | Name : Fedora Update for automake16 FEDORA-2010-3520 File : nvt/gb_fedora_2010_3520_automake16_fc12.nasl |
2010-03-05 | Name : Fedora Update for automake15 FEDORA-2010-3563 File : nvt/gb_fedora_2010_3563_automake15_fc12.nasl |
2010-03-05 | Name : Fedora Update for automake17 FEDORA-2010-3569 File : nvt/gb_fedora_2010_3569_automake17_fc11.nasl |
2010-03-05 | Name : Fedora Update for automake17 FEDORA-2010-3573 File : nvt/gb_fedora_2010_3573_automake17_fc12.nasl |
2010-03-05 | Name : Fedora Update for automake14 FEDORA-2010-3591 File : nvt/gb_fedora_2010_3591_automake14_fc11.nasl |
2010-03-02 | Name : Fedora Update for automake FEDORA-2010-1216 File : nvt/gb_fedora_2010_1216_automake_fc11.nasl |
2010-01-15 | Name : Fedora Update for automake FEDORA-2009-13157 File : nvt/gb_fedora_2009_13157_automake_fc12.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
61210 | GNU Automake make dist / distcheck distdir Target Permission Weakness Race Co... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
2013-10-27 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201310-15.nasl - Type : ACT_GATHER_INFO |
2013-08-14 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_automake-130812.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100330_automake_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-10-14 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-203.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1148.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1174.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1216.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1718.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3520.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3563.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3569.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3573.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3591.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0321.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote Fedora host is missing a security update. File : fedora_2009-13157.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:41:48 |
|