VYPR
Unrated severityNVD Advisory· Published Dec 20, 2009· Updated Jun 16, 2026

CVE-2009-4029

CVE-2009-4029

Description

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • GNU/Automake4 versions
    cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gnu:automake:branch:1-9:*:*:*:*:*:*
    • (no CPE)range: affected <= 1.11.1, 1.10.3, and branches 1-4 through 1-9

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.