FKIE_CVE-2012-3386
Vulnerability from fkie_nvd - Published: 2012-08-07 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | automake | * | |
| gnu | automake | 1.0 | |
| gnu | automake | 1.2 | |
| gnu | automake | 1.3 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.4 | |
| gnu | automake | 1.5 | |
| gnu | automake | 1.6 | |
| gnu | automake | 1.6.1 | |
| gnu | automake | 1.6.2 | |
| gnu | automake | 1.6.3 | |
| gnu | automake | 1.7 | |
| gnu | automake | 1.7.1 | |
| gnu | automake | 1.7.2 | |
| gnu | automake | 1.7.3 | |
| gnu | automake | 1.7.4 | |
| gnu | automake | 1.7.5 | |
| gnu | automake | 1.7.6 | |
| gnu | automake | 1.7.7 | |
| gnu | automake | 1.7.8 | |
| gnu | automake | 1.7.9 | |
| gnu | automake | 1.8 | |
| gnu | automake | 1.8.1 | |
| gnu | automake | 1.8.2 | |
| gnu | automake | 1.8.3 | |
| gnu | automake | 1.8.4 | |
| gnu | automake | 1.8.5 | |
| gnu | automake | 1.9 | |
| gnu | automake | 1.9.1 | |
| gnu | automake | 1.9.2 | |
| gnu | automake | 1.9.3 | |
| gnu | automake | 1.9.4 | |
| gnu | automake | 1.9.5 | |
| gnu | automake | 1.9.6 | |
| gnu | automake | 1.10 | |
| gnu | automake | 1.10.0.3 | |
| gnu | automake | 1.10.1 | |
| gnu | automake | 1.10.2 | |
| gnu | automake | 1.10.3 | |
| gnu | automake | 1.11.1 | |
| gnu | automake | 1.11.2 | |
| gnu | automake | 1.11.3 | |
| gnu | automake | 1.11.4 | |
| gnu | automake | 1.12 | |
| gnu | automake | 1.12.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:automake:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF1142BF-7EE4-4937-A928-86057C853BB8",
"versionEndIncluding": "1.11.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825E1F9E-0DFB-47BF-8D28-52B6804C199A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41C63958-FF26-4223-8EF5-1E2CEFD9DBC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "499D5653-552E-44EE-8183-FD5D05BF8F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE71E960-691A-4816-A04D-A8D1F3CDA2CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "620AE4A6-8801-4E2E-BC16-4CA0A128EAD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "5BB76EC2-1F74-4BB2-B1B5-F3416CDC345B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:p3:*:*:*:*:*:*",
"matchCriteriaId": "1E969575-F171-42B7-B02D-CD494D9F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:p4:*:*:*:*:*:*",
"matchCriteriaId": "6396CC6D-2290-4D98-90FD-498EFDAC690B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:p5:*:*:*:*:*:*",
"matchCriteriaId": "8227C2EC-7C6B-4C91-86FE-FD4892C0D855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.4:p6:*:*:*:*:*:*",
"matchCriteriaId": "377CA093-EE7B-4F14-A9D0-62E678EE787E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8A8CECA9-BDE4-4E0D-9D1A-3A8B705736CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "37F4CA27-ECDF-4F2B-889B-954C1539DB8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A883A1BE-D2F9-43F6-9779-163762DC0BDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "098E2153-D183-4603-AB8E-A424E321CB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C958A3-01F2-45A6-8F0B-74BE794E06CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6454F4F7-507E-4539-B566-39E5ABD9F3B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C19F15E-FBBC-4DEB-9438-DCF5FB9CD366",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E466BA9-460D-4B7E-BD10-9CD072DE8846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9ECA16B-1AD3-4199-9D01-018DBDA0AD63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6667859B-7297-4BB1-97DB-195037EB71C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8C42854C-5241-43A8-9E27-0701CE97BB94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "855F7E05-B617-4046-B6E4-7894CD237654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FD6A46DF-3A7F-40EA-B2D6-BBDB8CEF2744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "26C09EE5-460F-4169-A372-878E77120204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5205CF45-634B-4994-8CB1-C70B87FFC7D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9AFB9079-79EA-4DC3-9C86-72D90788AB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B2ABAC0-D633-43B6-9BA2-E346E8D2BAAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A579BF1E-0ECE-4D1F-8849-359626B9F250",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9FAE2575-4611-481E-AA37-549B2F528864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F29368AC-C9BA-451B-90DA-CCE8AB291946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "81FB30CC-D96B-443A-B1B5-61F207F80B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "6FF64364-4A8B-4155-9FDA-E4AF655EA826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E529FDE-1475-4F83-AD75-795AA2CFCE48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FAA3D112-97D4-4605-AAD9-ACD8C1901332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E44D4B2-F8E6-4D2E-800D-2101C1832261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7565230F-80E8-49F2-BFC9-F33B690AC78D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "52DA2099-218B-4588-B381-539307426AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "032119F6-768D-42BF-A4B8-2059BFA3AAD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "45D17CFC-3C6D-4EC1-9FED-2C158AC517C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DD32447-BADF-4E6B-8745-75202A3AF83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7348FBF0-AD00-4236-9CA0-BA01FD153629",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06107483-9738-4C1A-A706-3DE7D9F04E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A91930-6A6C-4B56-99DF-8A06F270AEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CE405EB-E067-464D-86AE-6F0C56C7250E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6C72AC-9EDB-4BB4-8C7F-BA1F886939EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DDD57193-65DC-4AFC-96C0-725AC176E7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C64F490F-2837-4A97-BA1E-6E796B8B4F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:automake:1.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1CE494CF-6DD2-451E-B9F4-A102B06B9183",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "La regla \"make distcheck\" en GNU Automake anterior a v1.11.6 y v1.12.x anterior a v1.12.2 asigna permisos world-writable al directorio de extracci\u00f3n, lo que produce una vulnerabilidad de condici\u00f3n de carrera que permite a usuarios locales ejecutar c\u00f3digo a trav\u00e9s de vectores no determinados."
}
],
"id": "CVE-2012-3386",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-07T21:55:01.420",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
},
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…