Launchpad CVE tracker

CVE 2009-4029

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

Related bugs and status

CVE-2009-4029 (Candidate) is related to these bugs:

Bug #19396: [breezy] Automake is defaulting to an ancient version

Summary				In	Importance	Status
	19396	[breezy] Automake is defaulting to an ancient version		automake (Ubuntu)	Medium	Invalid

Bug #526035: Upgrade package version to 1.11.1

Summary				In	Importance	Status
	526035	Upgrade package version to 1.11.1		automake1.11 (Ubuntu)	Undecided	Fix Released
	526035	Upgrade package version to 1.11.1		automake1.11 (Ubuntu Karmic)	Undecided	Won't Fix

Bug #542247: Sync automake 1:1.4-p6-13.1 (main) from Debian testing (main)

Summary				In	Importance	Status
	542247	Sync automake 1:1.4-p6-13.1 (main) from Debian testing (main)		automake (Ubuntu)	Wishlist	Fix Released

Bug #542252: Sync automake1.7 1.7.9-9.1 (universe) from Debian testing (main)

Summary				In	Importance	Status
	542252	Sync automake1.7 1.7.9-9.1 (universe) from Debian testing (main)		automake1.7 (Ubuntu)	Wishlist	Fix Released

Bug #1023960: (CVE-2012-3386) CVE-2012-3386 automake: locally exploitable "make distcheck" bug

		In	Importance	Status
1023960	(CVE-2012-3386) CVE-2012-3386 automake: locally exploitable "make distcheck" bug	automake (Ubuntu)	Low	Incomplete
1023960	(CVE-2012-3386) CVE-2012-3386 automake: locally exploitable "make distcheck" bug	automake (Debian)	Unknown	Fix Released
1023960	(CVE-2012-3386) CVE-2012-3386 automake: locally exploitable "make distcheck" bug	automake (Fedora)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-4029

References