Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2014-401)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120498

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2014-401)

Resumen: The remote host is missing an update for the 'automake19' package(s) announced via the ALAS-2014-401 advisory.

Descripción: Summary:
The remote host is missing an update for the 'automake19' package(s) announced via the ALAS-2014-401 advisory.

Vulnerability Insight:
It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running 'make distcheck'.

Affected Software/OS:
'automake19' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3386
FEDORA-2012-14297
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html
FEDORA-2012-14349
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html
FEDORA-2012-14770
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html
MDVSA-2012:103
http://www.mandriva.com/security/advisories?name=MDVSA-2012:103
RHSA-2013:0526
http://rhn.redhat.com/errata/RHSA-2013-0526.html
[automake] 20120709 CVE-2012-3386 Automake security fix for 'make distcheck'
https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html
[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)
https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html
[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)
https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html
http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76
openSUSE-SU-2012:1519
http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120498
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2014-401)
Resumen:	The remote host is missing an update for the 'automake19' package(s) announced via the ALAS-2014-401 advisory.
Descripción:	Summary: The remote host is missing an update for the 'automake19' package(s) announced via the ALAS-2014-401 advisory. Vulnerability Insight: It was found that the distcheck rule in Automake-generated Makefiles made a directory world-writable when preparing source archives. If a malicious, local user could access this directory, they could execute arbitrary code with the privileges of the user running 'make distcheck'. Affected Software/OS: 'automake19' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3386 FEDORA-2012-14297 http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html FEDORA-2012-14349 http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html FEDORA-2012-14770 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html MDVSA-2012:103 http://www.mandriva.com/security/advisories?name=MDVSA-2012:103 RHSA-2013:0526 http://rhn.redhat.com/errata/RHSA-2013-0526.html [automake] 20120709 CVE-2012-3386 Automake security fix for 'make distcheck' https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html [automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!) https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html [automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!) https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76 openSUSE-SU-2012:1519 http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html
Copyright	Copyright (C) 2015 Greenbone AG