The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 04:33
Type | Values Removed | Values Added |
---|---|---|
Summary | The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. | |
References |
|
02 Feb 2023, 14:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running "make distcheck". |
Information
Published : 2012-08-07 21:55
Updated : 2023-12-10 11:16
NVD link : CVE-2012-3386
Mitre link : CVE-2012-3386
CVE.ORG link : CVE-2012-3386
JSON object : View
Products Affected
gnu
- automake