Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67168
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0321
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0321.

Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.

Automake-generated Makefiles made certain directories world-writable when
preparing source archives, as was recommended by the GNU Coding Standards.
If a malicious, local user could access the directory where a victim was
creating distribution archives, they could use this flaw to modify the
files being added to those archives. Makefiles generated by these updated
automake packages no longer make distribution directories world-writable,
as recommended by the updated GNU Coding Standards. (CVE-2009-4029)

Note: This issue affected Makefile targets used by developers to prepare
distribution source archives. Those targets are not used when compiling
programs from the source code.

All users of automake, automake14, automake15, automake16, and automake17
should upgrade to these updated packages, which resolve this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0321.html
http://www.redhat.com/security/updates/classification/#low
http://www.gnu.org/prep/standards/html_node/Releases.html

Risk factor : Medium

CVSS Score:
4.6

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-4029
Bugtraq: 20101027 rPSA-2010-0071-1 automake (Google Search)
http://www.securityfocus.com/archive/1/514526/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2010:203
http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html
http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html
http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html
http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1
http://www.vupen.com/english/advisories/2009/3579
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.