Back to search
CVE-2009-4029
Published: Dec 20, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
MDVSA-2010:203
vendor-advisory
x_refsource_MANDRIVA
[automake] 20091208 CVE-2009-4029 Automake security fix for 'make dist*'
mailing-list
x_refsource_MLIST
[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs
mailing-list
x_refsource_MLIST
http://savannah.gnu.org/forum/forum.php?forum_id=6077
x_refsource_CONFIRM
[automake] 20091208 Re: CVE-2009-4029 Automake security fix for 'make dist*'
mailing-list
x_refsource_MLIST
20101027 rPSA-2010-0071-1 automake
mailing-list
x_refsource_BUGTRAQ
[automake] 20091208 GNU Automake 1.11.1 released
mailing-list
x_refsource_MLIST
oval:org.mitre.oval:def:11717
vdb-entry
signature
x_refsource_OVAL
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071
x_refsource_CONFIRM
ADV-2009-3579
vdb-entry
x_refsource_VUPEN
[automake] 20091208 GNU Automake 1.10.3 released
mailing-list
x_refsource_MLIST
1021784
vendor-advisory
x_refsource_SUNALERT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now