Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Symlink Vulnerability in GNU automake <1.8.3

Symlink Vulnerability in GNU automake <1.8.3

From: Stefan Nordhausen <deletethis.nordhaus_at_informatik.hu-berlin.de>
Date: Mon, 08 Mar 2004 15:47:12 +0100

Vulnerable: GNU automake <1.8.3
Not Vulnerable: GNU automake 1.8.3
Project website: http://www.gnu.org/software/automake/

Description of libtool (from website):
"Automake is a tool for automatically generating `Makefile.in' files
compliant with the GNU Coding Standards."

Discussion:
The Makefiles generated by automake insecurely create temporary
directories. Because the insecure code is inside the Makefile this bug
can only be exploited during compile time.

The bug original report with some more detail can be found at
http://sources.redhat.com/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=automake&pr=413

Solution:
This vulnerability has been fixed in GNU automake 1.8.3 which is the
current stable release. Programmers should update their automake
packages and re-create their Makefiles if they were created using GNU
automake.

Regards
Stefan Nordhausen 

--
If you put garbage in a computer nothing comes out but garbage. But this 
garbage, having passed through a very expensive machine, is somehow 
enobled and none dare criticize it.
Received on Mar 08 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos