CVE-2009-4029 - Race Condition vulnerability in GNU Automake 1.10.3/1.11.1/Branch
Attack vector | LOCAL |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions: This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions: This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-1216.NASL |
description | Fixes CVE-2009-4029 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47240 |
published | 2010-07-01 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/47240 |
title | Fedora 11 : automake-1.11.1-1.fc11.1 (2010-1216) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2010-1216.
#

include("compat.inc");

if (description)
{
  script_id(47240);
  script_version("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:31");

  script_cve_id("CVE-2009-4029");
  script_bugtraq_id(37378);
  script_xref(name:"FEDORA", value:"2010-1216");

  script_name(english:"Fedora 11 : automake-1.11.1-1.fc11.1 (2010-1216)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Fixes CVE-2009-4029 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=542609"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-February/034542.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?26430f7e"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected automake package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:automake");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/01/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC11", reference:"automake-1.11.1-1.fc11.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "automake");
}
```

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2010-0321.NASL |
description | Updated automake, automake14, automake15, automake16, and automake17 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. Automake-generated Makefiles made certain directories world-writable when preparing source archives, as was recommended by the GNU Coding Standards. If a malicious, local user could access the directory where a victim was creating distribution archives, they could use this flaw to modify the files being added to those archives. Makefiles generated by these updated automake packages no longer make distribution directories world-writable, as recommended by the updated GNU Coding Standards. (CVE-2009-4029) Note: This issue affected Makefile targets used by developers to prepare distribution source archives. Those targets are not used when compiling programs from the source code. All users of automake, automake14, automake15, automake16, and automake17 should upgrade to these updated packages, which resolve this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 46289 |
published | 2010-05-11 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/46289 |
title | RHEL 5 : automake (RHSA-2010:0321) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-1148.NASL |
description | - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.6.3-18.1 - fix CVE-2009-4029 - Fri Jul 31 2009 Karsten Hopp <karsten at redhat.com> 1.6.3-18 - rebuild - Thu Jul 30 2009 Karsten Hopp <karsten at redhat.com> 1.6.3-17 - fix build problem - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.3-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47235 |
published | 2010-07-01 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47235 |
title | Fedora 11 : automake16-1.6.3-18.fc11.1 (2010-1148) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2009-13157.NASL |
description | - Wed Dec 9 2009 Karsten Hopp <karsten at redhat.com> 1.11.1-1 - update to version 1.11.1 to fix CVE-2009-4029 - Tue Dec 1 2009 Karsten Hopp <karsten at redhat.com> 1.11-6 - preserve time stamps of man pages (#225302) - drop MIT from list of licenses - Wed Nov 4 2009 Stepan Kasal <skasal at redhat.com> - 1.11-5 - add even more testsuite build requires - Wed Nov 4 2009 Stepan Kasal <skasal at redhat.com> - 1.11-4 - add build requires for testsuite Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 44879 |
published | 2010-02-25 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/44879 |
title | Fedora 12 : automake-1.11.1-1.fc12 (2009-13157) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2010-203.NASL |
description | A vulnerability was discovered and corrected in automake : The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete (CVE-2009-4029). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 49973 |
published | 2010-10-14 |
reporter | This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/49973 |
title | Mandriva Linux Security Advisory : automake (MDVSA-2010:203) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-3591.NASL |
description | - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com> 1.4p6-20 - add fix for CVE-2009-4029 - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4p6-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47321 |
published | 2010-07-01 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47321 |
title | Fedora 11 : automake14-1.4p6-20.fc11 (2010-3591) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201310-15.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201310-15 (GNU Automake: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details. Impact : A local attacker could execute arbitrary commands with the privileges of the user running an Automake-based build. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 70650 |
published | 2013-10-27 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/70650 |
title | GLSA-201310-15 : GNU Automake: Multiple vulnerabilities |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20100330_AUTOMAKE_ON_SL5_X.NASL |
description | Automake-generated Makefiles made certain directories world-writable when preparing source archives, as was recommended by the GNU Coding Standards. If a malicious, local user could access the directory where a victim was creating distribution archives, they could use this flaw to modify the files being added to those archives. Makefiles generated by these updated automake packages no longer make distribution directories world-writable, as recommended by the updated GNU Coding Standards. (CVE-2009-4029) Note: This issue affected Makefile targets used by developers to prepare distribution source archives. Those targets are not used when compiling programs from the source code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 60761 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/60761 |
title | Scientific Linux Security Update : automake on SL5.x i386/x86_64 |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-3520.NASL |
description | - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.6.3-18.1 - fix CVE-2009-4029 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47315 |
published | 2010-07-01 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47315 |
title | Fedora 12 : automake16-1.6.3-18.fc12.1 (2010-3520) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_AUTOMAKE-130812.NASL |
description | This update of automake fixes a race condition in |
last seen | 2020-06-05 |
modified | 2013-08-14 |
plugin id | 69345 |
published | 2013-08-14 |
reporter | This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69345 |
title | SuSE 11.2 / 11.3 Security Update : automake (SAT Patch Numbers 8196 / 8197) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201412-08.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 79961 |
published | 2014-12-15 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/79961 |
title | GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010 |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-3563.NASL |
description | - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.5-29.1 - update CVE-2009-4029 patch - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com> 1.5-29 - add disttag - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com> 1.5-28 - add fix for CVE-2009-4029 - add buildrequirement flex Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47317 |
published | 2010-07-01 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47317 |
title | Fedora 12 : automake15-1.5-29.fc12.1 (2010-3563) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-3569.NASL |
description | - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.7.9-13.1 - fix CVE-2009-4029 - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7.9-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47318 |
published | 2010-07-01 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47318 |
title | Fedora 11 : automake17-1.7.9-13.fc11.1 (2010-3569) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-3573.NASL |
description | - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.7.9-13.1 - fix CVE-2009-4029 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47319 |
published | 2010-07-01 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47319 |
title | Fedora 12 : automake17-1.7.9-13.fc12.1 (2010-3573) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-1174.NASL |
description | - Tue Feb 16 2010 Karsten Hopp <karsten at redhat.com> 1.5-29.1 - update CVE-2009-4029 patch - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com> 1.5-29 - add disttag - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com> 1.5-28 - add fix for CVE-2009-4029 - add buildrequirement flex - Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5-27 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47238 |
published | 2010-07-01 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47238 |
title | Fedora 11 : automake15-1.5-29.fc11.1 (2010-1174) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2010-1718.NASL |
description | - Tue Feb 9 2010 Karsten Hopp <karsten at redhat.com> 1.4p6-20 - add fix for CVE-2009-4029 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 47265 |
published | 2010-07-01 |
reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/47265 |
title | Fedora 12 : automake14-1.4p6-20.fc12 (2010-1718) |
Oval
accepted | 2013-04-29T04:15:28.467-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. |
family | unix |
id | oval:org.mitre.oval:def:11717 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. |
version | 19 |
Redhat
advisories |
rpms |
Statements
contributor | Mark Cox |
lastmodified | 2010-03-31 |
organization | Red Hat |
statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4029 This issue was addressed in the automake, automake14, automake15, automake16 and automake17 packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0321.html The Red Hat Security Response Team has rated this issue as having low security impact, there's no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4. |
References
- http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html
- http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html
- http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
- http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html
- http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html
- http://savannah.gnu.org/forum/forum.php?forum_id=6077
- http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1
- http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:203
- http://www.securityfocus.com/archive/1/514526/100/0/threaded
- http://www.vupen.com/english/advisories/2009/3579
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717