Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3386

Overview

Vulnerability Score 4.4 4.4
CVE Id CVE-2012-3386
Last Modified 04 Apr 2013 11:11:57
Published 07 Aug 2012 05:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3386

Summary

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.

Vulnerable Systems

Application

  • Gnu Automake 1.0

  • Gnu Automake 1.10

  • Gnu Automake 1.10.0.3

  • Gnu Automake 1.10.1

  • Gnu Automake 1.10.2

  • Gnu Automake 1.10.3

  • Gnu Automake 1.11.1

  • Gnu Automake 1.11.2

  • Gnu Automake 1.11.3

  • Gnu Automake 1.11.4

  • Gnu Automake 1.11.5

  • Gnu Automake 1.12

  • Gnu Automake 1.12.1

  • Gnu Automake 1.2

  • Gnu Automake 1.3

  • Gnu Automake 1.4

  • Gnu Automake 1.5

  • Gnu Automake 1.6

  • Gnu Automake 1.6.1

  • Gnu Automake 1.6.2

  • Gnu Automake 1.6.3

  • Gnu Automake 1.7

  • Gnu Automake 1.7.1

  • Gnu Automake 1.7.2

  • Gnu Automake 1.7.3

  • Gnu Automake 1.7.4

  • Gnu Automake 1.7.5

  • Gnu Automake 1.7.6

  • Gnu Automake 1.7.7

  • Gnu Automake 1.7.8

  • Gnu Automake 1.7.9

  • Gnu Automake 1.8

  • Gnu Automake 1.8.1

  • Gnu Automake 1.8.2

  • Gnu Automake 1.8.3

  • Gnu Automake 1.8.4

  • Gnu Automake 1.8.5

  • Gnu Automake 1.9

  • Gnu Automake 1.9.1

  • Gnu Automake 1.9.2

  • Gnu Automake 1.9.3

  • Gnu Automake 1.9.4

  • Gnu Automake 1.9.5

  • Gnu Automake 1.9.6


References

MLIST - [automake] 20120709 CVE-2012-3386 Automake security fix for 'make distcheck'

MLIST - [automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)

MLIST - [automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)

MANDRIVA - MDVSA-2012:103

CONFIRM - http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76

SUSE - openSUSE-SU-2012:1519

REDHAT - RHSA-2013:0526

FEDORA - FEDORA-2012-14297

FEDORA - FEDORA-2012-14349

FEDORA - FEDORA-2012-14770


Last Updated: 27 May 2016 10:53:35