CVE-2009-4029
EPSS 0.72%
Description
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
How to fix CVE-2009-4029
To remediate CVE-2009-4029, upgrade the affected package to the fixed version listed below.
- Debian/automake: upgrade to 1:1.4-p6-13.1 or later
Is CVE-2009-4029 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.4-p6-13.1