Monday, October 18, 2010

automake: race condition errors vulnerability

Users of automake, please be advised that a race condition vulnerability has been identified.

To view this vulnerability, possible remedies, and other advisories, please check the Security Advisories page at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
[MDVSA-2010:203] automake race condition errors

Problem Description:

A vulnerability was discovered and corrected in automake:

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete (CVE-2009-4029).
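The advisory's core condition is directories left at mode 777 in the build tree. The following is an added example, not part of the advisory or of Automake: a shell audit that flags world-writable directories under a tree and tightens them. The function names and the `pkg-1.0` demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a build or dist tree for world-writable directories,
# the condition described in the advisory (directories at mode 777).

# Print every directory under $1 that has the other-write bit set.
list_world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Count them. One byte is emitted per match so that odd characters in
# directory names (including newlines) cannot skew the count.
count_world_writable_dirs() {
    find "$1" -type d -perm -0002 -exec printf '.' \; | wc -c | tr -d ' '
}

# Remove group/other write from the flagged directories; file modes are untouched.
harden_tree() {
    find "$1" -type d -perm -0002 -exec chmod go-w {} +
}

# Return 1 (and list offenders on stderr) if any directory is world-writable.
audit_tree() {
    n=$(count_world_writable_dirs "$1")
    if [ "$n" -gt 0 ]; then
        echo "FAIL: $n world-writable directories under $1" >&2
        list_world_writable_dirs "$1" >&2
        return 1
    fi
    echo "OK: no world-writable directories under $1"
}

# Constructed demo: build a tree with two 777 directories, audit, fix, re-audit.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/pkg-1.0/src" "$tmp/pkg-1.0/doc"
    chmod 777 "$tmp/pkg-1.0" "$tmp/pkg-1.0/src"
    chmod 755 "$tmp/pkg-1.0/doc"
    audit_tree "$tmp" || echo "tightening directory modes"
    harden_tree "$tmp"
    audit_tree "$tmp"
    rm -rf "$tmp"
}

# Run the demo only when asked: sh audit.sh demo
if [ "${1:-}" = demo ]; then demo; fi
```

Running `audit_tree` against the working directory while a `make dist` or `make distcheck` is in progress on a shared build host shows whether the installed Automake still produces the permissions the advisory describes.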

