LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

automake: arbitrary code execution

Package(s):automake CVE #(s):CVE-2009-4029
Created:January 4, 2010 Updated:October 27, 2010
Description:

From the Red Hat bugzilla entry:

Jim Meyering found a race condition in the way Automake used to prepare content of directories hierarchy (top-level directory and its subdirectories), when the "distdir" based Automake target was used. A local attacker could use this flaw to inject malicious content into the resulting directory and potentially subsequently execute arbitrary code with the privileges of the user issuing the "./configure" command.

Alerts:
rPath rPSA-2010-0071-1 2010-10-27
Mandriva MDVSA-2010:203 2010-10-13
Red Hat RHSA-2010:0321-04 2010-03-30
Fedora FEDORA-2010-3573 2010-03-03
Fedora FEDORA-2010-3569 2010-03-03
Fedora FEDORA-2010-3520 2010-03-03
Fedora FEDORA-2010-1148 2010-02-21
Fedora FEDORA-2010-3563 2010-03-03
Fedora FEDORA-2010-1174 2010-02-21
Fedora FEDORA-2010-1718 2010-02-21
Fedora FEDORA-2010-3591 2010-03-03
Fedora FEDORA-2009-13157 2009-12-16
Fedora FEDORA-2010-1216 2010-01-29
(Log in to post comments)

automake: arbitrary code execution

Posted Jan 7, 2010 16:19 UTC (Thu) by nix (subscriber, #2304) [Link]

The impact in detail.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds