Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:203 (automake)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.68337

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:203 (automake)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to automake
announced via advisory MDVSA-2010:203.

A vulnerability was discovered and corrected in automake:

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3,
and release branches branch-1-4 through branch-1-9, when producing a
distribution tarball for a package that uses Automake, assign insecure
permissions (777) to directories in the build tree, which introduces
a race condition that allows local users to modify the contents of
package files, introduce Trojan horse programs, or conduct other
attacks before the build is complete (CVE-2009-4029).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:203

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4029
1021784
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1
20101027 rPSA-2010-0071-1 automake
http://www.securityfocus.com/archive/1/514526/100/0/threaded
ADV-2009-3579
http://www.vupen.com/english/advisories/2009/3579
MDVSA-2010:203
http://www.mandriva.com/security/advisories?name=MDVSA-2010:203
[automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs
http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html
[automake] 20091208 CVE-2009-4029 Automake security fix for 'make dist*'
http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
[automake] 20091208 GNU Automake 1.10.3 released
http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html
[automake] 20091208 GNU Automake 1.11.1 released
http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html
[automake] 20091208 Re: CVE-2009-4029 Automake security fix for 'make dist*'
http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html
http://savannah.gnu.org/forum/forum.php?forum_id=6077
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071
oval:org.mitre.oval:def:11717
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.68337
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:203 (automake)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to automake announced via advisory MDVSA-2010:203. A vulnerability was discovered and corrected in automake: The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete (CVE-2009-4029). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:203 Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4029 1021784 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1 20101027 rPSA-2010-0071-1 automake http://www.securityfocus.com/archive/1/514526/100/0/threaded ADV-2009-3579 http://www.vupen.com/english/advisories/2009/3579 MDVSA-2010:203 http://www.mandriva.com/security/advisories?name=MDVSA-2010:203 [automake-patches] 20091128 [PATCH] do not put world-writable directories in distribution tarballs http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html [automake] 20091208 CVE-2009-4029 Automake security fix for 'make dist' http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html [automake] 20091208 GNU Automake 1.10.3 released http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html [automake] 20091208 GNU Automake 1.11.1 released http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html [automake] 20091208 Re: CVE-2009-4029 Automake security fix for 'make dist' http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html http://savannah.gnu.org/forum/forum.php?forum_id=6077 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071 oval:org.mitre.oval:def:11717 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com