New Search

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1 1.10.3 and release branches branch-1-4 through branch-1-9 when producing a distribution tarball for a package that uses Automake assign insecure permissions (777) to directories in the build tree which introduces a race condition that allows local users to modify the contents of package files introduce Trojan horse programs or conduct other attacks before the build is complete.

oval:org.mitre.oval:def:11717

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1 1.10.3 and release branches branch-1-4 through branch-1-9 when producing a distribution tarball for a package that uses Automake assign insecure permissions (777) to directories in the build tree which introduces a race condition that allows local users to modify the contents of package files introduce Trojan horse programs or conduct other attacks before the build is complete.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 5
  • Oracle Linux 5
  • CentOS Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2009-4029
Product(s):