CVE-2012-3386

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-3386 at MITRE

Description

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.

NVD CVSS v2 Base Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)

SUSE information

SUSE Bugzilla entries: 770618, 786745

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP2
  • automake >= 1.10.1-4.131.9.1
Patchnames:
slessp2-automake
SUSE Linux Enterprise Server 11 SP3
  • automake >= 1.10.1-4.131.9.1
Patchnames:
slessp3-automake
SUSE Linux Enterprise Server for VMWare 11 SP2
  • automake >= 1.10.1-4.131.9.1
Patchnames:
slessp2-automake
SUSE Linux Enterprise Server for VMWare 11 SP3
  • automake >= 1.10.1-4.131.9.1
Patchnames:
slessp3-automake
SUSE Linux Enterprise Software Development Kit 11 SP2
  • automake >= 1.10.1-4.131.9.1
Patchnames:
sdksp2-automake
SUSE Linux Enterprise Software Development Kit 11 SP3
  • automake >= 1.10.1-4.131.9.1
Patchnames:
sdksp3-automake
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3 for VMware
SUSE Linux Enterprise Software Development Kit 11 SP3
  • automake >= 1.10.1-4.131.9.1
Builds
SAT Patch Nr: 8197
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
SUSE Linux Enterprise Software Development Kit 11 SP2
  • automake >= 1.10.1-4.131.9.1
Builds
SAT Patch Nr: 8196