Unrated severityNVD Advisory· Published Aug 7, 2012· Updated Apr 29, 2026
CVE-2012-3386
CVE-2012-3386
Description
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
Affected products
50cpe:2.3:a:gnu:automake:*:*:*:*:*:*:*:*+ 49 more
- cpe:2.3:a:gnu:automake:*:*:*:*:*:*:*:*range: <=1.11.5
- cpe:2.3:a:gnu:automake:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.10.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.4:p1:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.4:p2:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.4:p3:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.4:p4:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.4:p5:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.4:p6:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:automake:1.9.6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- lists.gnu.org/archive/html/automake/2012-07/msg00021.htmlnvdPatch
- lists.gnu.org/archive/html/automake/2012-07/msg00022.htmlnvdPatch
- lists.gnu.org/archive/html/automake/2012-07/msg00023.htmlnvdPatch
- git.savannah.gnu.org/cgit/automake.git/commit/nvdExploitPatch
- lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.htmlnvd
- lists.opensuse.org/opensuse-updates/2012-11/msg00038.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0526.htmlnvd
- www.mandriva.com/security/advisoriesnvd
News mentions
0No linked articles in our index yet.