CVE-2012-3386

Currently unrated

Key Information:

Vendor: Gnu
Status: Automake
Vendor: CVE Published:; 7 August 2012

Summary

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://lists.opensuse.org/opensuse-updates/2012-11/msg000...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Aug 7, 2012
Vulnerability Reserved
Jun 14, 2012