FreeBSD Local Security Checks : FreeBSD Ports: automake

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.71510

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: automake

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: automake

CVE-2012-3386
The 'make distcheck' rule in GNU Automake before 1.11.6 and 1.12.x
before 1.12.2 grants world-writable permissions to the extraction
directory, which introduces a race condition that allows local users
to execute arbitrary code via unspecified vectors.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.4

CVSS Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-3386
FEDORA-2012-14297
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html
FEDORA-2012-14349
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html
FEDORA-2012-14770
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html
MDVSA-2012:103
http://www.mandriva.com/security/advisories?name=MDVSA-2012:103
RHSA-2013:0526
http://rhn.redhat.com/errata/RHSA-2013-0526.html
[automake] 20120709 CVE-2012-3386 Automake security fix for 'make distcheck'
https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html
[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)
https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html
[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)
https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html
http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76
openSUSE-SU-2012:1519
http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html

Copyright Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.71510
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: automake
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: automake CVE-2012-3386 The 'make distcheck' rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.4 CVSS Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-3386 FEDORA-2012-14297 http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html FEDORA-2012-14349 http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html FEDORA-2012-14770 http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html MDVSA-2012:103 http://www.mandriva.com/security/advisories?name=MDVSA-2012:103 RHSA-2013:0526 http://rhn.redhat.com/errata/RHSA-2013-0526.html [automake] 20120709 CVE-2012-3386 Automake security fix for 'make distcheck' https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html [automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!) https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html [automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!) https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76 openSUSE-SU-2012:1519 http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html
Copyright	Copyright (C) 2012 E-Soft Inc.