
CVE-2012-3386 – automake: locally exploitable "make distcheck" bug
https://notcve.org/view.php?id=CVE-2012-3386
07 Aug 2012 — The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. • http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76 • CWE-264: Permissions, Privileges, and Access Controls; CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'); CWE-732: Incorrect Permission Assignment for Critical Resource

CVE-2009-4029 – Automake: Race condition by creation of "distdir" based directory hierarchy
https://notcve.org/view.php?id=CVE-2009-4029
20 Dec 2009 — The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete. • http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')