CVE-2009-4029

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.4 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
gnuautomake
1.10.3
gnuautomake
1.11.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
automake
dapper
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
automake
suse enterprise desktop 15
1.15.1-2.145
fixed
suse enterprise desktop 15 SP1
1.15.1-2.145
fixed
suse enterprise desktop 15 SP2
1.15.1-2.145
fixed
suse enterprise sap 12 SP5
1.13.4-6.2
fixed
suse enterprise sap 15
1.15.1-2.145
fixed
suse enterprise sap 15 SP1
1.15.1-2.145
fixed
suse enterprise sap 15 SP2
1.15.1-2.145
fixed
suse enterprise server 12
1.13.4-4.56
fixed
suse enterprise server 12 SP1
1.13.4-4.56
fixed
suse enterprise server 12 SP2
1.13.4-6.2
fixed
suse enterprise server 12 SP3
1.13.4-6.2
fixed
suse enterprise server 12 SP4
1.13.4-6.2
fixed
suse enterprise server 12 SP5
1.13.4-6.2
fixed
suse enterprise server 15
1.15.1-2.145
fixed
suse enterprise server 15 SP1
1.15.1-2.145
fixed
suse enterprise server 15 SP2
1.15.1-2.145
fixed
m4
suse enterprise desktop 15
1.4.18-2.138
fixed
suse enterprise desktop 15 SP1
1.4.18-2.138
fixed
suse enterprise desktop 15 SP2
1.4.18-2.138
fixed
suse enterprise sap 12 SP5
1.4.16-15.74
fixed
suse enterprise sap 15
1.4.18-2.138
fixed
suse enterprise sap 15 SP1
1.4.18-2.138
fixed
suse enterprise sap 15 SP2
1.4.18-2.138
fixed
suse enterprise server 12
1.4.16-15.74
fixed
suse enterprise server 12 SP1
1.4.16-15.74
fixed
suse enterprise server 12 SP2
1.4.16-15.74
fixed
suse enterprise server 12 SP3
1.4.16-15.74
fixed
suse enterprise server 12 SP4
1.4.16-15.74
fixed
suse enterprise server 12 SP5
1.4.16-15.74
fixed
suse enterprise server 15
1.4.18-2.138
fixed
suse enterprise server 15 SP1
1.4.18-2.138
fixed
suse enterprise server 15 SP2
1.4.18-2.138
fixed
Common Weakness Enumeration
References
http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html
http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html
http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html
http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html
http://savannah.gnu.org/forum/forum.php?forum_id=6077
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071
http://www.mandriva.com/security/advisories?name=MDVSA-2010:203
http://www.securityfocus.com/archive/1/514526/100/0/threaded
http://www.vupen.com/english/advisories/2009/3579
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717
http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html
http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html
http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html
http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html
http://savannah.gnu.org/forum/forum.php?forum_id=6077
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071
http://www.mandriva.com/security/advisories?name=MDVSA-2010:203
http://www.securityfocus.com/archive/1/514526/100/0/threaded
http://www.vupen.com/english/advisories/2009/3579
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717