What is the severity of CVE-2009-4029?

CVE-2009-4029 has been classified with a moderate severity due to its potential to introduce a race condition with insecure permissions.

How do I fix CVE-2009-4029?

To fix CVE-2009-4029, upgrade GNU Automake to version 1.11.2 or later, or apply the relevant patches.

What versions of GNU Automake are affected by CVE-2009-4029?

CVE-2009-4029 affects GNU Automake versions 1.10.3, 1.11.1, and branch versions from 1-4 to 1-9.

What is the nature of the vulnerability in CVE-2009-4029?

The nature of the vulnerability in CVE-2009-4029 involves the assignment of insecure permissions (777) to directories during the creation of distribution tarballs.

Is CVE-2009-4029 applicable to production environments?

Yes, CVE-2009-4029 is applicable to production environments using vulnerable versions of GNU Automake and poses a security risk.

Vulnerability/
CVE-2009-4029

medium

4.4

CWE

362

20/12/2009

7/8/2024

CVE-2009-4029: Race Condition

First published: Sun Dec 20 2009(Updated: )

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
GNU Automake	=1.11.1
GNU Automake	=branch-1-9
GNU Automake	=1.10.3

Remedy

http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-4029?
CVE-2009-4029 has been classified with a moderate severity due to its potential to introduce a race condition with insecure permissions.
How do I fix CVE-2009-4029?
To fix CVE-2009-4029, upgrade GNU Automake to version 1.11.2 or later, or apply the relevant patches.
What versions of GNU Automake are affected by CVE-2009-4029?
CVE-2009-4029 affects GNU Automake versions 1.10.3, 1.11.1, and branch versions from 1-4 to 1-9.
What is the nature of the vulnerability in CVE-2009-4029?
The nature of the vulnerability in CVE-2009-4029 involves the assignment of insecure permissions (777) to directories during the creation of distribution tarballs.
Is CVE-2009-4029 applicable to production environments?
Yes, CVE-2009-4029 is applicable to production environments using vulnerable versions of GNU Automake and poses a security risk.

collector/nvd-historical
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/remedy
agent/severity
agent/last-modified-date
agent/description
agent/first-publish-date
agent/author
agent/tags
agent/event
agent/source
vendor/gnu
canonical/gnu automake
version/gnu automake/1.11.1
version/gnu automake/branch-1-9
version/gnu automake/1.10.3

Frequently Asked Questions

What is the severity of CVE-2009-4029?
CVE-2009-4029 has been classified with a moderate severity due to its potential to introduce a race condition with insecure permissions.
How do I fix CVE-2009-4029?
To fix CVE-2009-4029, upgrade GNU Automake to version 1.11.2 or later, or apply the relevant patches.
What versions of GNU Automake are affected by CVE-2009-4029?
CVE-2009-4029 affects GNU Automake versions 1.10.3, 1.11.1, and branch versions from 1-4 to 1-9.
What is the nature of the vulnerability in CVE-2009-4029?
The nature of the vulnerability in CVE-2009-4029 involves the assignment of insecure permissions (777) to directories during the creation of distribution tarballs.
Is CVE-2009-4029 applicable to production environments?
Yes, CVE-2009-4029 is applicable to production environments using vulnerable versions of GNU Automake and poses a security risk.

CVE-2009-4029: Race Condition

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-4029?

How do I fix CVE-2009-4029?

What versions of GNU Automake are affected by CVE-2009-4029?

What is the nature of the vulnerability in CVE-2009-4029?

Is CVE-2009-4029 applicable to production environments?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2009-4029?

How do I fix CVE-2009-4029?

What versions of GNU Automake are affected by CVE-2009-4029?

What is the nature of the vulnerability in CVE-2009-4029?

Is CVE-2009-4029 applicable to production environments?