What is the severity of CVE-2012-3386?

CVE-2012-3386 has a medium severity rating due to the potential for local users to execute arbitrary code.

How do I fix CVE-2012-3386?

To fix CVE-2012-3386, upgrade to GNU Automake version 1.11.6 or later, or 1.12.2 or later.

What types of systems are affected by CVE-2012-3386?

CVE-2012-3386 affects systems running GNU Automake versions prior to 1.11.6 and 1.12.2.

What kind of vulnerability is CVE-2012-3386?

CVE-2012-3386 is a local privilege escalation vulnerability caused by improper directory permissions.

Can CVE-2012-3386 be exploited remotely?

No, CVE-2012-3386 requires local access, making it a local exploitation vulnerability.

Vulnerability/
CVE-2012-3386

medium

4.4

CWE

264 362

7/8/2012

13/2/2023

CVE-2012-3386: Race Condition

First published: Tue Aug 07 2012(Updated: )

The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
GNU Automake	<=1.11.5
GNU Automake	=1.0
GNU Automake	=1.2
GNU Automake	=1.3
GNU Automake	=1.4
GNU Automake	=1.4-p1
GNU Automake	=1.4-p2
GNU Automake	=1.4-p3
GNU Automake	=1.4-p4
GNU Automake	=1.4-p5
GNU Automake	=1.4-p6
GNU Automake	=1.5
GNU Automake	=1.6
GNU Automake	=1.6.1
GNU Automake	=1.6.2
GNU Automake	=1.6.3
GNU Automake	=1.7
GNU Automake	=1.7.1
GNU Automake	=1.7.2
GNU Automake	=1.7.3
GNU Automake	=1.7.4
GNU Automake	=1.7.5
GNU Automake	=1.7.6
GNU Automake	=1.7.7
GNU Automake	=1.7.8
GNU Automake	=1.7.9
GNU Automake	=1.8
GNU Automake	=1.8.1
GNU Automake	=1.8.2
GNU Automake	=1.8.3
GNU Automake	=1.8.4
GNU Automake	=1.8.5
GNU Automake	=1.9
GNU Automake	=1.9.1
GNU Automake	=1.9.2
GNU Automake	=1.9.3
GNU Automake	=1.9.4
GNU Automake	=1.9.5
GNU Automake	=1.9.6
GNU Automake	=1.10
GNU Automake	=1.10.0.3
GNU Automake	=1.10.1
GNU Automake	=1.10.2
GNU Automake	=1.10.3
GNU Automake	=1.11.1
GNU Automake	=1.11.2
GNU Automake	=1.11.3
GNU Automake	=1.11.4
GNU Automake	=1.12
GNU Automake	=1.12.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-3386?
CVE-2012-3386 has a medium severity rating due to the potential for local users to execute arbitrary code.
How do I fix CVE-2012-3386?
To fix CVE-2012-3386, upgrade to GNU Automake version 1.11.6 or later, or 1.12.2 or later.
What types of systems are affected by CVE-2012-3386?
CVE-2012-3386 affects systems running GNU Automake versions prior to 1.11.6 and 1.12.2.
What kind of vulnerability is CVE-2012-3386?
CVE-2012-3386 is a local privilege escalation vulnerability caused by improper directory permissions.
Can CVE-2012-3386 be exploited remotely?
No, CVE-2012-3386 requires local access, making it a local exploitation vulnerability.

collector/nvd-index
agent/weakness
agent/references
agent/author
agent/severity
agent/description
agent/tags
agent/type
agent/event
agent/first-publish-date
agent/softwarecombine
agent/remedy
agent/last-modified-date
vendor/gnu
canonical/gnu automake
version/gnu automake/1.11.5
version/gnu automake/1.0
version/gnu automake/1.2
version/gnu automake/1.3
version/gnu automake/1.4
version/gnu automake/1.4-p1
version/gnu automake/1.4-p2
version/gnu automake/1.4-p3
version/gnu automake/1.4-p4
version/gnu automake/1.4-p5
version/gnu automake/1.4-p6
version/gnu automake/1.5
version/gnu automake/1.6
version/gnu automake/1.6.1
version/gnu automake/1.6.2
version/gnu automake/1.6.3
version/gnu automake/1.7
version/gnu automake/1.7.1
version/gnu automake/1.7.2
version/gnu automake/1.7.3
version/gnu automake/1.7.4
version/gnu automake/1.7.5
version/gnu automake/1.7.6
version/gnu automake/1.7.7
version/gnu automake/1.7.8
version/gnu automake/1.7.9
version/gnu automake/1.8
version/gnu automake/1.8.1
version/gnu automake/1.8.2
version/gnu automake/1.8.3
version/gnu automake/1.8.4
version/gnu automake/1.8.5
version/gnu automake/1.9
version/gnu automake/1.9.1
version/gnu automake/1.9.2
version/gnu automake/1.9.3
version/gnu automake/1.9.4
version/gnu automake/1.9.5
version/gnu automake/1.9.6
version/gnu automake/1.10
version/gnu automake/1.10.0.3
version/gnu automake/1.10.1
version/gnu automake/1.10.2
version/gnu automake/1.10.3
version/gnu automake/1.11.1
version/gnu automake/1.11.2
version/gnu automake/1.11.3
version/gnu automake/1.11.4
version/gnu automake/1.12
version/gnu automake/1.12.1

CVE-2012-3386: Race Condition

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-3386?

How do I fix CVE-2012-3386?

What types of systems are affected by CVE-2012-3386?

What kind of vulnerability is CVE-2012-3386?

Can CVE-2012-3386 be exploited remotely?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2012-3386?

How do I fix CVE-2012-3386?

What types of systems are affected by CVE-2012-3386?

What kind of vulnerability is CVE-2012-3386?

Can CVE-2012-3386 be exploited remotely?