CVE-2009-4029
PUBLISHED
CVSS 4.4 MEDIUM
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
EPSS 0.72% · 72.8th percentile
Risk Scores
- CVSS 2.0: 4.4
- EPSS Score: 0.72% (72.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| gnu | automake | 1.10.3, 1.11.1, * |
Exploit Intelligence
- MDVSA-2010:203 (circl)
- [automake] 20091208 CVE-2009-4029 Automake security fix for 'make dist*' (circl)
- http://savannah.gnu.org/forum/forum.php?forum_id=6077 (circl)
- [automake] 20091208 Re: CVE-2009-4029 Automake security fix for 'make dist*' (circl)
- 20101027 rPSA-2010-0071-1 automake (circl)
- [automake] 20091208 GNU Automake 1.11.1 released (circl)
- oval:org.mitre.oval:def:11717 (circl)
- http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071 (circl)
- ADV-2009-3579 (circl)
- [automake] 20091208 GNU Automake 1.10.3 released (circl)
Timeline
- Dec 20, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- MDVSA-2010:203 vendor-advisory
- [automake] 20091208 CVE-2009-4029 Automake security fix for 'make dist*' mailing-list
- [automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs mailing-list
- http://savannah.gnu.org/forum/forum.php?forum_id=6077 url
- [automake] 20091208 Re: CVE-2009-4029 Automake security fix for 'make dist*' mailing-list
- 20101027 rPSA-2010-0071-1 automake mailing-list
- [automake] 20091208 GNU Automake 1.11.1 released mailing-list
- oval:org.mitre.oval:def:11717 vdb
- http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071 url
- ADV-2009-3579 vdb
- [automake] 20091208 GNU Automake 1.10.3 released mailing-list
- 1021784 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-4029 advisory