CVE

Id
41464  
CVE No.
CVE-2009-4029  
Status
Candidate  
Description
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.  
Phase
Assigned (20091120)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
455609 41464 CVE-2009-4029 BUGTRAQ:20101027 rPSA-2010-0071-1 automake  View
455610 41464 CVE-2009-4029 URL:http://www.securityfocus.com/archive/1/archive/1/514526/100/0/threaded  View
455611 41464 CVE-2009-4029 MLIST:[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs  View
455612 41464 CVE-2009-4029 URL:http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html  View
455613 41464 CVE-2009-4029 MLIST:[automake] 20091208 CVE-2009-4029 Automake security fix for "make dist*"  View
455614 41464 CVE-2009-4029 URL:http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html  View
455615 41464 CVE-2009-4029 MLIST:[automake] 20091208 GNU Automake 1.10.3 released  View
455616 41464 CVE-2009-4029 URL:http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html  View
455617 41464 CVE-2009-4029 MLIST:[automake] 20091208 GNU Automake 1.11.1 released  View
455618 41464 CVE-2009-4029 URL:http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html  View
455619 41464 CVE-2009-4029 MLIST:[automake] 20091208 Re: CVE-2009-4029 Automake security fix for "make dist*"  View
455620 41464 CVE-2009-4029 URL:http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html  View
455621 41464 CVE-2009-4029 CONFIRM:http://savannah.gnu.org/forum/forum.php?forum_id=6077  View
455622 41464 CVE-2009-4029 CONFIRM:http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071  View
455623 41464 CVE-2009-4029 MANDRIVA:MDVSA-2010:203  View
455624 41464 CVE-2009-4029 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:203  View
455625 41464 CVE-2009-4029 SUNALERT:1021784  View
455626 41464 CVE-2009-4029 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1  View
455627 41464 CVE-2009-4029 OVAL:oval:org.mitre.oval:def:11717  View
455628 41464 CVE-2009-4029 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11717  View
455629 41464 CVE-2009-4029 VUPEN:ADV-2009-3579  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
41421 JVNDB-2009-002428 acpid のレッドハットパッチにおける権限を取得される脆弱性 acpid のレッドハットパッチには、不十分な引数を持つオープン関数を呼ぶ処理に不備があるため、重要な情報を取得される、サービス運用妨害 (DoS) 状態となる、または権限を取得される脆弱性が存在します。 CVE-2009-4033 41464 6.9 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002428.html  View