Note: This is an archival copy of Security Sun Alert 275650 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1021784.1.
Date of Resolved Release
GNU "Automake" contains a race condition security vulnerability:
GNU Automake is a tool for automatically generating "Makefile.in" files compliant with the GNU Coding Standards. GNU Automake contains a race condition security vulnerability that may allow a local unprivileged user to make unauthorized changes to package files or execute arbitrary code with the privileges of another local user when that user is running the "dist" and "distcheck" targets.
This issue is also described in the following document:
This issue can occur in the following releases:
Note 2: This vulnerability only affects OpenSolaris systems that have installed the Automake package (beginning with SUNWgnu-automake). The SUNWgnu-automake package is not installed by default. To determine if the SUNWgnu-automake package is installed, the following command can be run:
$ pkg list 'SUNWgnu-automake*'
Note 3: OpenSolaris distributions may include additional bug fixes above and beyond the build from which they were derived. To determine the base build of OpenSolaris, the following command can be used:
$ uname -v
There are no predictable symptoms that would indicate the described issue has been exploited.
To work around the described issue, download and build a newer version of automake (1.10.3, 1.11.1 or later). For example, 1.10.3 can be obtained from:
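Added example (not part of the original Sun Alert): a shell check that classifies an automake version against the fixed releases named in the workaround above. It assumes the fix is read per branch, so 1.10.x needs 1.10.3 or later and 1.11.x needs 1.11.1 or later, which means 1.11 is not fixed even though it sorts after 1.10.3; the function names are hypothetical and the sample versions are constructed.

```shell
#!/bin/sh
# Added example: classify an automake version against the fixed releases
# named in the advisory's workaround (1.10.3, 1.11.1 or later).

# automake_is_fixed VERSION
# Exit status: 0 = fixed release, 1 = predates the fix, 2 = not parsable.
automake_is_fixed() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;   # only digits and single dots
    esac
    # Split on dots; missing fields count as 0, so "1.11" is 1.11.0.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    if [ "$major" -gt 1 ]; then return 0; fi
    # Assumption: no fixed release is named for branches older than 1.10.
    if [ "$major" -lt 1 ] || [ "$minor" -lt 10 ]; then return 1; fi
    if [ "$minor" -eq 10 ]; then
        if [ "$patch" -ge 3 ]; then return 0; else return 1; fi
    fi
    if [ "$minor" -eq 11 ]; then
        if [ "$patch" -ge 1 ]; then return 0; else return 1; fi
    fi
    return 0   # 1.12 and later
}

# Version of the automake on PATH, taken from the first line of
# "automake --version" (e.g. "automake (GNU automake) 1.11.1"); empty if absent.
installed_automake_version() {
    automake --version 2>/dev/null | sed -n '1s/.* \([0-9][0-9.]*\).*$/\1/p'
}

report() {
    status=0
    automake_is_fixed "$1" || status=$?
    case $status in
        0) echo "automake $1: fixed release" ;;
        1) echo "automake $1: predates the fix, build 1.10.3, 1.11.1 or later" ;;
        *) echo "automake '$1': version not recognised" ;;
    esac
}

# Constructed sample versions, then the locally installed automake if any.
for v in 1.9.6 1.10.2 1.10.3 1.11 1.11.1; do report "$v"; done
v=$(installed_automake_version)
if [ -n "$v" ]; then report "$v"; fi
```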
This issue is resolved in the following releases:
Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.