SB2012080201 - Permissions, Privileges, and Access Controls in automake (Alpine package)
Published: August 2, 2012
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-3386)
The vulnerability allows a local non-authenticated attacker to read and manipulate data.
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
Remediation
Install the update from the vendor's website.
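A check for the affected version ranges named in the description, as an added example that is not part of the bulletin. Generated `Makefile.in` files carry the `distcheck` rule from the Automake release that produced them, so the script also scans a source tree for files generated by an affected release. The function names are illustrative, and the header comment format it parses is an assumption about how Automake labels generated files.

```shell
#!/bin/sh
# Added example; function names are illustrative. Version ranges are the
# bulletin's: affected = before 1.11.6, and 1.12.x before 1.12.2.

# automake_affected VERSION: exit 0 if affected, 1 if fixed, 2 if unparseable.
automake_affected() {
    case $1 in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case $rest in *.*) patch=${rest#*.}; patch=${patch%%.*} ;; *) patch=0 ;; esac
    # Strip non-numeric suffixes such as the "a" in 1.11.1a.
    major=${major%%[!0-9]*}; minor=${minor%%[!0-9]*}; patch=${patch%%[!0-9]*}
    if [ -z "$major" ] || [ -z "$minor" ]; then return 2; fi
    patch=${patch:-0}
    if [ "$major" -lt 1 ]; then return 0; fi
    if [ "$major" -gt 1 ]; then return 1; fi
    if [ "$minor" -lt 11 ]; then return 0; fi
    if [ "$minor" -eq 11 ] && [ "$patch" -lt 6 ]; then return 0; fi
    if [ "$minor" -eq 12 ] && [ "$patch" -lt 2 ]; then return 0; fi
    return 1
}

# makefile_in_version FILE: print the Automake version recorded in the
# "generated by automake" header comment of a Makefile.in (assumed format).
makefile_in_version() {
    sed -n 's/^# Makefile\.in generated by automake \([0-9][^ ]*\) from .*/\1/p' "$1" | head -n 1
}

# scan_generated DIR: list Makefile.in files produced by an affected Automake.
scan_generated() {
    find "$1" -type f -name Makefile.in | while IFS= read -r f; do
        v=$(makefile_in_version "$f")
        [ -n "$v" ] || continue
        if automake_affected "$v"; then
            printf '%s: automake %s\n' "$f" "$v"
        fi
    done
}

# Stand-alone use: sh check.sh /path/to/source/tree
if [ "$#" -gt 0 ]; then scan_generated "$1"; fi
```

Files it reports need to be regenerated with a fixed Automake; updating the installed package alone does not rewrite them.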
References
- https://git.alpinelinux.org/aports/commit/?id=b2343efd22068339ff40fa6f2843c0dc091b1a99
- https://git.alpinelinux.org/aports/commit/?id=34b273c51b4fce732e99c67ea3f9100ae6fbddbe
- https://git.alpinelinux.org/aports/commit/?id=062bb700ce703861444fbd608806926be84424e6
- https://git.alpinelinux.org/aports/commit/?id=1115258c16958c17094b9a4a8bd1c70b32727e5e
- https://git.alpinelinux.org/aports/commit/?id=dae12d8f92abd8d0e1836b5430613ef6408b9114
- https://git.alpinelinux.org/aports/commit/?id=a3b337c04610053a647eb283518f6be19f07f7bf