FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-3386

This CVE name corresponds to:

Entered     Topic
2012-08-06  automake -- Insecure 'distcheck' recipe granted world-writable distdir

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2012-3386
Phase  Assigned (20120614)

Description

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.

References

Source    Reference
MLIST     [automake] 20120709 CVE-2012-3386 Automake security fix for 'make distcheck'
MLIST     [automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)
MLIST     [automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)
CONFIRM   http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76
FEDORA    FEDORA-2012-14297
FEDORA    FEDORA-2012-14349
FEDORA    FEDORA-2012-14770
MANDRIVA  MDVSA-2012:103
REDHAT    RHSA-2013:0526
SUSE      openSUSE-SU-2012:1519