Rapid7 Vulnerability & Exploit Database

RHSA-2010:0321: automake security update

Back to Search

RHSA-2010:0321: automake security update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
12/19/2009
Created
07/25/2018
Added
04/06/2010
Modified
07/04/2017

Description

Automake is a tool for automatically generating Makefile.in files compliantwith the GNU Coding Standards.Automake-generated Makefiles made certain directories world-writable whenpreparing source archives, as was recommended by the GNU Coding Standards.If a malicious, local user could access the directory where a victim wascreating distribution archives, they could use this flaw to modify thefiles being added to those archives. Makefiles generated by these updatedautomake packages no longer make distribution directories world-writable,as recommended by the updated GNU Coding Standards. (CVE-2009-4029)Note: This issue affected Makefile targets used by developers to preparedistribution source archives. Those targets are not used when compilingprograms from the source code.All users of automake, automake14, automake15, automake16, and automake17should upgrade to these updated packages, which resolve this issue.

Solution(s)

  • redhat-upgrade-automake
  • redhat-upgrade-automake14
  • redhat-upgrade-automake15
  • redhat-upgrade-automake16
  • redhat-upgrade-automake17

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;