Main Vulnerability Database SB2014091812

SB2014091812 - Amazon Linux AMI update for automake19

Published: September 18, 2014

Security Bulletin ID SB2014091812

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2012-3386)

The vulnerability allows a local non-authenticated attacker to read and manipulate data.

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.

Remediation

Install update from vendor's website.

References

https://alas.aws.amazon.com/ALAS-2014-401.html