Vulnerability in automake < 1.11.6 allows local privilege escalation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3386
The “make distcheck” rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
(from redmine: issue id 1762, created on 2013-04-05, closed on 2013-04-17)
- Relations:
- child #1763 (closed)
- child #1764 (closed)
- Changesets:
- Revision 062bb700 by Natanael Copa on 2013-04-12T14:19:59Z:
main/automake: security upgrade to 1.11.6 (CVE-2012-3386)
fixes #1762