FreeBSD : automake -- Insecure 'distcheck' recipe granted world-writable distdir (10f38033-e006-11e1-9304-000000000000)

NASLDB: FreeBSD : automake -- Insecure 'distcheck' recipe granted world-writable distdir (10f38033-e006-11e1-9304-000000000000)

General

ID: 61444
Name: FreeBSD : automake — Insecure ‘distcheck’ recipe granted world-writable distdir (10f38033-e006-11e1-9304-000000000000)

Summary: Checks for updated package in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

GNU reports :

The recipe of the ‘distcheck’ target granted temporary world-write
permissions on the extracted distdir. This introduced a locally
exploitable race condition for those who run ‘make distcheck’ with a
non-restrictive umask (e.g., 022) in a directory that was accessible
by others. A successful exploit would result in arbitrary code
execution with the privileges of the user running ‘make distcheck’.

It is important to stress that this vulnerability impacts not only the
Automake package itself, but all packages with Automake-generated
makefiles. For an effective fix it is necessary to regenerate the
Makefile.in files with a fixed Automake version.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: CVE-2012-3386
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2012/07/09
Patch Release: 2012/08/06
Plugin Release: 2012/08/07

Plugin

Version: 1.2
Filename: freebsd_pkg_10f38033e00611e19304000000000000.nasl
Filesize: 4997 bytes
MD5 Hash: 2cf8db2cb08ec6a6197f2d3f90b0b7e9

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info
Dependencies: "ssh_get_info.nasl"