CVE-2012-3386

It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck".

Details Source

Red Hat

Statement

This issue affects the versions of automake15, automake16 and automake17 as shipped with Red Hat Enterprise Linux 5. This issue affects the versions of automake15 and automake16 as shipped with Red Hat Enterprise Linux 6. A future update may address this flaw in various affected versions of automake.

Public Date

2012-07-09 00:00:00

Impact

Low

Bugzilla

CVE-2012-3386 automake: locally exploitable "make distcheck" bug

Bugzilla ID

838286

CVSS Status

verified

Base Score

3.70

Base Metrics

AV:L/AC:H/Au:N/C:P/I:P/A:P

Acknowledgements

Red Hat would like to thank Jim Meyering for reporting this issue. Upstream acknowledges Stefano Lattarini as the original reporter.

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux 6 (automake) | RHSA-2013:0526 | 2013-02-20 |
| Red Hat Enterprise Linux 5 (automake) | RHSA-2014:1243 | 2014-09-16 |

CWE

CWE-732

Affected Packages State

| Platform | Package | State |
| --- | --- | --- |
| Red Hat Enterprise Linux 6 | automake15 | Fix deferred |
| Red Hat Enterprise Linux 6 | automake16 | Fix deferred |
| Red Hat Enterprise Linux 5 | automake15 | Will not fix |
| Red Hat Enterprise Linux 5 | automake16 | Will not fix |
| Red Hat Enterprise Linux 5 | automake17 | Will not fix |