Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2009-4029

Опубликовано: 08 дек. 2009
Источник: redhat
CVSS2: 3.7

Описание

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

Отчет

The Red Hat Product Security has rated this issue as having low security impact, theres no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.

Ссылки на источники

Дополнительная информация

Статус:

Low
https://bugzilla.redhat.com/show_bug.cgi?id=542609Automake: Race condition by creation of "distdir" based directory hierarchy

3.7 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2009-4029

ubuntu
больше 15 лет назад

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

nvd логотип

CVE-2009-4029

nvd
больше 15 лет назад

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

debian логотип

CVE-2009-4029

debian
больше 15 лет назад

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, an ...

github логотип

GHSA-9xh2-rhpf-vx4p

github
около 3 лет назад

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

oracle-oval логотип

ELSA-2010-0321

oracle-oval
около 15 лет назад

ELSA-2010-0321: automake security update (LOW)

3.7 Low

CVSS2