CVE-2009-4029

N/A Unknown

Published: December 20, 2009 Modified: April 23, 2026

Description

The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html

Source: secalert@redhat.com

Exploit

http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html

Source: secalert@redhat.com

http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html

Source: secalert@redhat.com

http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html

Source: secalert@redhat.com

Patch

http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html

Source: secalert@redhat.com

http://savannah.gnu.org/forum/forum.php?forum_id=6077

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1

Source: secalert@redhat.com

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2010:203

Source: secalert@redhat.com

http://www.securityfocus.com/archive/1/514526/100/0/threaded

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/3579

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717

Source: secalert@redhat.com

http://lists.gnu.org/archive/html/automake-patches/2009-11/msg00017.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://lists.gnu.org/archive/html/automake/2009-12/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.gnu.org/archive/html/automake/2009-12/msg00011.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.gnu.org/archive/html/automake/2009-12/msg00013.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://savannah.gnu.org/forum/forum.php?forum_id=6077

Source: af854a3a-2127-422b-91ae-364da2661108

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021784.1-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0071

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2010:203

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/514526/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/3579

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11717

Source: af854a3a-2127-422b-91ae-364da2661108

24 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.7%

72th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-362

Affected Vendors

gnu

Related CVEs

CVE-2026-7041 3.7

CVE-2026-7039 7.8

CVE-2026-7038 3.3

CVE-2026-7037 9.8

CVE-2026-7036 7.3