CVE-2012-3386 - Race Condition vulnerability in GNU Automake
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Leveraging Race Conditions: This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
- Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions: This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
Nessus
NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-1243.NASL
description: An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77696
published: 2014-09-16
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77696
title: RHEL 5 : automake (RHSA-2014:1243)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:1243. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(77696);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/24 15:35:38");

      script_cve_id("CVE-2012-3386");
      script_bugtraq_id(54418);
      script_xref(name:"RHSA", value:"2014:1243");

      script_name(english:"RHEL 5 : automake (RHSA-2014:1243)");
      script_summary(english:"Checks the rpm output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "An updated automake package that fixes one security issue is now
    available for Red Hat Enterprise Linux 5.
    Red Hat Product Security has rated this update as having Low security
    impact. A Common Vulnerability Scoring System (CVSS) base score, which
    gives a detailed severity rating, is available from the CVE link in
    the References section. Automake is a tool for automatically
    generating Makefile.in files compliant with the GNU Coding Standards.
    It was found that the distcheck rule in Automake-generated Makefiles
    made a directory world-writable when preparing source archives. If a
    malicious, local user could access this directory, they could execute
    arbitrary code with the privileges of the user running 'make
    distcheck'. (CVE-2012-3386) Red Hat would like to thank Jim Meyering
    for reporting this issue. Upstream acknowledges Stefano Lattarini as
    the original reporter. All automake users are advised to upgrade to
    this updated package, which contains a backported patch to correct
    this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-3386"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1243"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected automake package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:automake");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/16");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2014:1243";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_WARNING,
          extra    : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", reference:"automake-1.9.6-3.el5")) flag++;

      if (flag)
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_WARNING,
          extra    : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "automake");
      }
    }

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20130221_AUTOMAKE_ON_SL6_X.NASL
description: It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running
last seen: 2020-03-18
modified: 2013-03-01
plugin id: 64947
published: 2013-03-01
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/64947
title: Scientific Linux Security Update : automake on SL6.x (noarch) (20130221)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #

    include("compat.inc");

    if (description)
    {
      script_id(64947);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");

      script_cve_id("CVE-2012-3386");

      script_name(english:"Scientific Linux Security Update : automake on SL6.x (noarch) (20130221)");
      script_summary(english:"Checks rpm output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Scientific Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "It was found that the distcheck rule in Automake-generated Makefiles
    made a directory world-writable when preparing source archives. If a
    malicious, local user could access this directory, they could execute
    arbitrary code with the privileges of the user running 'make
    distcheck'. (CVE-2012-3386)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1302&L=scientific-linux-errata&T=0&P=5162
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c9c0a591"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected automake package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:automake");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

    flag = 0;
    if (rpm_check(release:"SL6", reference:"automake-1.11.1-4.el6")) flag++;

    if (flag)
    {
      security_report_v4(
        port     : 0,
        severity : SECURITY_WARNING,
        extra    : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "automake");
    }

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2013-0526.NASL
description: From Red Hat Security Advisory 2013:0526 : An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68761
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68761
title: Oracle Linux 6 : automake (ELSA-2013-0526)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2013:0526 and
    # Oracle Linux Security Advisory ELSA-2013-0526 respectively.
    #

    include("compat.inc");

    if (description)
    {
      script_id(68761);
      script_version("1.5");
      script_cvs_date("Date: 2019/09/30 10:58:18");

      script_cve_id("CVE-2012-3386");
      script_bugtraq_id(54418);
      script_xref(name:"RHSA", value:"2013:0526");

      script_name(english:"Oracle Linux 6 : automake (ELSA-2013-0526)");
      script_summary(english:"Checks rpm output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2013:0526 : An updated automake package
    that fixes one security issue is now available for Red Hat Enterprise
    Linux 6. The Red Hat Security Response Team has rated this update as
    having low security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section. Automake is a
    tool for automatically generating Makefile.in files compliant with the
    GNU Coding Standards. It was found that the distcheck rule in
    Automake-generated Makefiles made a directory world-writable when
    preparing source archives. If a malicious, local user could access
    this directory, they could execute arbitrary code with the privileges
    of the user running 'make distcheck'. (CVE-2012-3386) Red Hat would
    like to thank Jim Meyering for reporting this issue. Upstream
    acknowledges Stefano Lattarini as the original reporter. Users of
    automake are advised to upgrade to this updated package, which
    corrects this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-February/003279.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected automake package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:automake");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

      script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

    flag = 0;
    if (rpm_check(release:"EL6", reference:"automake-1.11.1-4.el6")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "automake");
    }

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_36235C38E0A811E19F4D002354ED89BC.NASL
description: GNU reports : The recipe of the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 61451
published: 2012-08-08
reporter: This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/61451
title: FreeBSD : automake -- Insecure 'distcheck' recipe granted world-writable distdir (36235c38-e0a8-11e1-9f4d-002354ed89bc)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    #
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #

    include("compat.inc");

    if (description)
    {
      script_id(61451);
      script_version("1.5");
      script_cvs_date("Date: 2018/11/10 11:49:42");

      script_cve_id("CVE-2012-3386");

      script_name(english:"FreeBSD : automake -- Insecure 'distcheck' recipe granted world-writable distdir (36235c38-e0a8-11e1-9f4d-002354ed89bc)");
      script_summary(english:"Checks for updated package in pkg_info output");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "GNU reports : The recipe of the 'distcheck' target granted temporary
    world-write permissions on the extracted distdir. This introduced a
    locally exploitable race condition for those who run 'make distcheck'
    with a non-restrictive umask (e.g., 022) in a directory that was
    accessible by others. A successful exploit would result in arbitrary
    code execution with the privileges of the user running 'make
    distcheck'. It is important to stress that this vulnerability impacts
    not only the Automake package itself, but all packages with
    Automake-generated makefiles. For an effective fix it is necessary to
    regenerate the Makefile.in files with a fixed Automake version."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
      );
      # https://vuxml.freebsd.org/freebsd/36235c38-e0a8-11e1-9f4d-002354ed89bc.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?99848a50"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:automake");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");

      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/08/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/08");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

      exit(0);
    }

    include("audit.inc");
    include("freebsd_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (pkg_test(save_report:TRUE, pkg:"automake>=1.5.0<1.12.2")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2012-795.NASL
description: Automake received fixes for race conditions in
last seen: 2020-06-05
modified: 2014-06-13
plugin id: 74814
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/74814
title: openSUSE Security Update : automake (openSUSE-SU-2012:1519-1)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2012-795.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #

    include("compat.inc");

    if (description)
    {
      script_id(74814);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

      script_cve_id("CVE-2012-3386");

      script_name(english:"openSUSE Security Update : automake (openSUSE-SU-2012:1519-1)");
      script_summary(english:"Check for the openSUSE-2012-795 patch");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Automake received fixes for race conditions in 'make distcheck', where
    tarballs were created world-writeable."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=770618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected automake package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:automake");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");

      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    if ( rpm_check(release:"SUSE12.2", reference:"automake-1.12.1-1.5.1") ) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "automake");
    }

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2012-206-01.NASL
description: New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60112
published: 2012-07-25
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60112
title: Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2012-206-01)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Slackware Security Advisory 2012-206-01. The text
    # itself is copyright (C) Slackware Linux, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(60112);
      script_version("1.6");
      script_cvs_date("Date: 2019/07/10 16:04:14");

      script_cve_id("CVE-2011-3045", "CVE-2011-3048", "CVE-2012-3386");
      script_bugtraq_id(52453, 52830, 54418);
      script_xref(name:"SSA", value:"2012-206-01");

      script_name(english:"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2012-206-01)");
      script_summary(english:"Checks for updated package in /var/log/packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Slackware host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0,
    10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to
    fix security issues."
      );
      # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.632705
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?45a4879d"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected libpng package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:libpng");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:11.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:12.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:8.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");

      script_set_attribute(attribute:"vuln_publication_date", value:"2012/03/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/07/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/25");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Slackware Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("slackware.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
    if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);

    flag = 0;
    if (slackware_check(osver:"8.1", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i386", pkgnum:"1_slack8.1")) flag++;

    if (slackware_check(osver:"9.0", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i386", pkgnum:"1_slack9.0")) flag++;

    if (slackware_check(osver:"9.1", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack9.1")) flag++;

    if (slackware_check(osver:"10.0", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack10.0")) flag++;

    if (slackware_check(osver:"10.1", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack10.1")) flag++;

    if (slackware_check(osver:"10.2", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack10.2")) flag++;

    if (slackware_check(osver:"11.0", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack11.0")) flag++;

    if (slackware_check(osver:"12.0", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack12.0")) flag++;

    if (slackware_check(osver:"12.1", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack12.1")) flag++;

    if (slackware_check(osver:"12.2", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack12.2")) flag++;

    if (slackware_check(osver:"13.0", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"i486", pkgnum:"1_slack13.0")) flag++;
    if (slackware_check(osver:"13.0", arch:"x86_64", pkgname:"libpng", pkgver:"1.2.50", pkgarch:"x86_64", pkgnum:"1_slack13.0")) flag++;

    if (slackware_check(osver:"13.1", pkgname:"libpng", pkgver:"1.4.12", pkgarch:"i486", pkgnum:"1_slack13.1")) flag++;
    if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"libpng", pkgver:"1.4.12", pkgarch:"x86_64", pkgnum:"1_slack13.1")) flag++;

    if (slackware_check(osver:"13.37", pkgname:"libpng", pkgver:"1.4.12", pkgarch:"i486", pkgnum:"1_slack13.37")) flag++;
    if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"libpng", pkgver:"1.4.12", pkgarch:"x86_64", pkgnum:"1_slack13.37")) flag++;

    if (slackware_check(osver:"current", pkgname:"libpng", pkgver:"1.4.12", pkgarch:"i486", pkgnum:"1")) flag++;
    if (slackware_check(osver:"current", arch:"x86_64", pkgname:"libpng", pkgver:"1.4.12", pkgarch:"x86_64", pkgnum:"1")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family Scientific Linux Local Security Checks
NASL id SL_20140916_AUTOMAKE_ON_SL5_X.NASL
description It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running
last seen 2020-03-18
modified 2014-09-29
plugin id 77954
published 2014-09-29
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/77954
title Scientific Linux Security Update : automake on SL5.x (noarch) (20140916)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include("compat.inc");

if (description)
{
  script_id(77954);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-3386");

  script_name(english:"Scientific Linux Security Update : automake on SL5.x (noarch) (20140916)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Scientific Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running 'make distcheck'. (CVE-2012-3386)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1409&L=scientific-linux-errata&T=0&P=2249
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3e84f45d"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected automake package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:automake");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/29");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

flag = 0;
if (rpm_check(release:"SL5", reference:"automake-1.9.6-3.el5")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "automake");
}
NASL family Gentoo Local Security Checks
NASL id GENTOO_GLSA-201310-15.NASL
description The remote host is affected by the vulnerability described in GLSA-201310-15 (GNU Automake: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GNU Automake. Please review the CVE identifiers referenced below for details. Impact : A local attacker could execute arbitrary commands with the privileges of the user running an Automake-based build. Workaround : There is no known workaround at this time.
last seen 2020-06-01
modified 2020-06-02
plugin id 70650
published 2013-10-27
reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/70650
title GLSA-201310-15 : GNU Automake: Multiple vulnerabilities

NASL family Fedora Local Security Checks
NASL id FEDORA_2012-14762.NASL
description CVE-2012-3386 fix Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2012-10-04
plugin id 62419
published 2012-10-04
reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/62419
title Fedora 18 : automake17-1.7.9-17.fc18 (2012-14762)

NASL family Fedora Local Security Checks
NASL id FEDORA_2012-14349.NASL
description - automake-1.11.6, fixes CVE-2012-3386 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2012-09-19
plugin id 62193
published 2012-09-19
reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/62193
title Fedora 17 : automake-1.11.6-1.fc17 (2012-14349)

NASL family Fedora Local Security Checks
NASL id FEDORA_2012-14779.NASL
description Fixed security problem CVE-2012-3386. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2012-10-04
plugin id 62421
published 2012-10-04
reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/62421
title Fedora 16 : automake17-1.7.9-15.fc16 (2012-14779)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2013-0526.NASL
description An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running
last seen 2020-06-01
modified 2020-06-02
plugin id 65156
published 2013-03-10
reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/65156
title CentOS 6 : automake (CESA-2013:0526)

NASL family SuSE Local Security Checks
NASL id SUSE_11_AUTOMAKE-130812.NASL
description This update of automake fixes a race condition in
last seen 2020-06-05
modified 2013-08-14
plugin id 69345
published 2013-08-14
reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/69345
title SuSE 11.2 / 11.3 Security Update : automake (SAT Patch Numbers 8196 / 8197)

NASL family FreeBSD Local Security Checks
NASL id FREEBSD_PKG_10F38033E00611E19304000000000000.NASL
description GNU reports : The recipe of the 'distcheck' target granted temporary world-write permissions on the extracted distdir. This introduced a locally exploitable race condition for those who run 'make distcheck' with a non-restrictive umask (e.g., 022) in a directory that was accessible by others. A successful exploit would result in arbitrary code execution with the privileges of the user running 'make distcheck'. It is important to stress that this vulnerability impacts not only the Automake package itself, but all packages with Automake-generated makefiles. For an effective fix it is necessary to regenerate the Makefile.in files with a fixed Automake version.
last seen 2017-10-29
modified 2012-08-15
plugin id 61444
published 2012-08-07
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=61444
title FreeBSD : automake -- Insecure 'distcheck' recipe granted world-writable distdir (10f38033-e006-11e1-9304-000000000000)

NASL family Amazon Linux Local Security Checks
NASL id ALA_ALAS-2014-401.NASL
description It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running
last seen 2020-06-01
modified 2020-06-02
plugin id 78344
published 2014-10-12
reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/78344
title Amazon Linux AMI : automake19 (ALAS-2014-401)

NASL family Fedora Local Security Checks
NASL id FEDORA_2012-14770.NASL
description Fixed security problem CVE-2012-3386. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2012-10-04
plugin id 62420
published 2012-10-04
reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/62420
title Fedora 17 : automake17-1.7.9-16.fc17 (2012-14770)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2014-1243.NASL
description From Red Hat Security Advisory 2014:1243 : An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running
last seen 2020-06-01
modified 2020-06-02
plugin id 77736
published 2014-09-18
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/77736
title Oracle Linux 5 : automake (ELSA-2014-1243)

NASL family Mandriva Local Security Checks
NASL id MANDRIVA_MDVSA-2013-031.NASL
description A vulnerability has been discovered and corrected in automake : A race condition in automake (lib/am/distdir.am) could allow a local attacker to run arbitrary code with the privileges of the user running make distcheck (CVE-2012-3386). The updated packages have been patched to correct this issue. NOTE: This advisory was previously given the MDVSA-2013:018 identifier by mistake.
last seen 2020-06-01
modified 2020-06-02
plugin id 66045
published 2013-04-20
reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/66045
title Mandriva Linux Security Advisory : automake (MDVSA-2013:031)

NASL family Mandriva Local Security Checks
NASL id MANDRIVA_MDVSA-2012-103.NASL
description A vulnerability has been discovered and corrected in automake : A race condition in automake (lib/am/distdir.am) could allow a local attacker to run arbitrary code with the privileges of the user running make distcheck (CVE-2012-3386). The updated packages have been patched to correct this issue.
last seen 2020-06-01
modified 2020-06-02
plugin id 61957
published 2012-09-06
reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/61957
title Mandriva Linux Security Advisory : automake (MDVSA-2012:103)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2014-1243.NASL
description An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running
last seen 2020-06-01
modified 2020-06-02
plugin id 77990
published 2014-10-01
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/77990
title CentOS 5 : automake (CESA-2014:1243)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2013-0526.NASL
description An updated automake package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Automake is a tool for automatically generating Makefile.in files compliant with the GNU Coding Standards. It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running
last seen 2020-06-01
modified 2020-06-02
plugin id 64772
published 2013-02-21
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/64772
title RHEL 6 : automake (RHSA-2013:0526)

NASL family Fedora Local Security Checks
NASL id FEDORA_2012-14297.NASL
description - automake-1.11.6, fixes CVE-2012-3386 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-03-17
modified 2012-09-24
plugin id 62231
published 2012-09-24
reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/62231
title Fedora 16 : automake-1.11.6-1.fc16 (2012-14297)
References
- https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:103
- http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76
- https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html
- https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html
- http://rhn.redhat.com/errata/RHSA-2013-0526.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html