CVE-2012-3386

Name of the Vulnerable Software and Affected Versions GNU Automake versions prior to 1.11.6 GNU Automake versions 1.12.x prior to 1.12.2 automake version 1.9.6

Description The issue allows local users to execute arbitrary code via unspecified vectors due to a race condition introduced by world-writable permissions to the extraction directory. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out locally.

Recommendations For GNU Automake versions prior to 1.11.6, update to version 1.11.6 or later. For GNU Automake versions 1.12.x prior to 1.12.2, update to version 1.12.2 or later. For automake version 1.9.6, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the make distcheck rule to minimize the risk of exploitation.