CVE-2009-4029

GNU Automake <1.11.1-branch-1-9 - Local Privilege Escalation

Title source: llm
STIX 2.1

Description

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

References (12)

Core 12
Core References
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1
Third Party Advisory x_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:203
Various Sources x_refsource_confirm
http://savannah.gnu.org/forum/forum.php?forum_id=6077
Various Sources mailing-list x_refsource_mlist
http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514526/100/0/threaded
Various Sources mailing-list x_refsource_mlist
http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3579
Various Sources mailing-list x_refsource_mlist
http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html

Scores

EPSS 0.0072
EPSS Percentile 72.6%

Details

CWE
CWE-362
Status published
Products (3)
gnu/automake 1.10.3
gnu/automake 1.11.1
gnu/automake branch 1-9
Published Dec 20, 2009
Tracked Since Feb 18, 2026