World-Writable Permissions in GNU Automake Extraction Directory
CVE-2012-3386

Currently unrated

Key Information:

Vendor: Gnu
Status: Automake
Vendor: CVE Published:; 7 August 2012

Summary

Prior to certain versions, GNU Automake's 'make distcheck' rule allows for world-writable permissions on the extraction directory. This misconfiguration introduces a race condition, enabling local users to execute arbitrary code. Users are advised to upgrade to secure versions to mitigate these risks and protect their systems from potential breaches.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://lists.opensuse.org/opensuse-updates/2012-11/msg000...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Aug 7, 2012
Vulnerability Reserved
Jun 14, 2012