{"api_version":"1","generated_at":"2026-05-13T01:07:08+00:00","cve":"CVE-2012-3386","urls":{"html":"https://cve.report/CVE-2012-3386","api":"https://cve.report/api/cve/CVE-2012-3386.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2012-3386","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2012-3386"},"summary":{"title":"CVE-2012-3386","description":"The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.","state":"PUBLISHED","assigner":"redhat","published_at":"2012-08-07 21:55:01","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-264","CWE-362","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.4","severity":"","vector":"AV:L/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html","name":"http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"openSUSE-SU-2012:1519-1: automake: fixed a race condition","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html","name":"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 17 Update: automake-1.11.6-1.fc17","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:103","name":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:103","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Support / Security / Advisories /  / MDVSA-2012:103 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html","name":"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 17 Update: automake17-1.7.9-16.fc17","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76","name":"http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"automake.git - GNU Automake","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html","name":"https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-0526.html","name":"http://rhn.redhat.com/errata/RHSA-2013-0526.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html","name":"https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"CVE-2012-3386 Automake security fix for 'make distcheck'","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html","name":"https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html","name":"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[SECURITY] Fedora 16 Update: automake-1.11.6-1.fc16","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2013:0526","name":"MISC:https://access.redhat.com/errata/RHSA-2013:0526","refsource":"MITRE","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2014:1243","name":"MISC:https://access.redhat.com/errata/RHSA-2014:1243","refsource":"MITRE","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2012-3386","name":"MISC:https://access.redhat.com/security/cve/CVE-2012-3386","refsource":"MITRE","tags":[],"title":"CVE-2012-3386 - Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=838286","name":"MISC:https://bugzilla.redhat.com/show_bug.cgi?id=838286","refsource":"MITRE","tags":[],"title":"Bug 838286 – CVE-2012-3386 automake: locally exploitable \"make distcheck\" bug","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2012-3386","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3386","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.10.0.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.10.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.10.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.10.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.11.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.11.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.11.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.11.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.12","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.12.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.4","cpe7":"p1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.4","cpe7":"p2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.4","cpe7":"p3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.4","cpe7":"p4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.4","cpe7":"p5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.4","cpe7":"p6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.6.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.6.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.7.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.7.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.7.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.7.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.7.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.7.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.7.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.7.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.7.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.8.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.8.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.9.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.9.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.9.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.9.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.9.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"1.9.6","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2012","cve_id":"3386","vulnerable":"1","versionEndIncluding":"1.11.5","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"automake","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T20:05:12.403Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"FEDORA-2012-14770","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"},{"name":"MDVSA-2012:103","tags":["vendor-advisory","x_refsource_MANDRIVA","x_transferred"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"},{"name":"openSUSE-SU-2012:1519","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"},{"name":"FEDORA-2012-14349","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"},{"name":"RHSA-2013:0526","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2013-0526.html"},{"name":"[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"},{"name":"[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"},{"name":"[automake] 20120709 CVE-2012-3386 Automake security fix for 'make distcheck'","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"},{"name":"FEDORA-2012-14297","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2012-07-09T00:00:00.000Z","descriptions":[{"lang":"en","value":"The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2012-12-19T10:00:00.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"FEDORA-2012-14770","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"},{"name":"MDVSA-2012:103","tags":["vendor-advisory","x_refsource_MANDRIVA"],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"},{"name":"openSUSE-SU-2012:1519","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"},{"name":"FEDORA-2012-14349","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"},{"name":"RHSA-2013:0526","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2013-0526.html"},{"name":"[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"},{"name":"[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"},{"name":"[automake] 20120709 CVE-2012-3386 Automake security fix for 'make distcheck'","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"},{"name":"FEDORA-2012-14297","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2012-3386","datePublished":"2012-08-07T21:00:00.000Z","dateReserved":"2012-06-14T00:00:00.000Z","dateUpdated":"2024-08-06T20:05:12.403Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2012-08-07 21:55:01","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-264","CWE-362","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:P","baseScore":4.4,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:*:*:*:*:*:*:*:*","versionEndIncluding":"1.11.5","matchCriteriaId":"BF1142BF-7EE4-4937-A928-86057C853BB8"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.0:*:*:*:*:*:*:*","matchCriteriaId":"825E1F9E-0DFB-47BF-8D28-52B6804C199A"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.2:*:*:*:*:*:*:*","matchCriteriaId":"41C63958-FF26-4223-8EF5-1E2CEFD9DBC6"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.3:*:*:*:*:*:*:*","matchCriteriaId":"499D5653-552E-44EE-8183-FD5D05BF8F35"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.4:*:*:*:*:*:*:*","matchCriteriaId":"DE71E960-691A-4816-A04D-A8D1F3CDA2CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.4:p1:*:*:*:*:*:*","matchCriteriaId":"620AE4A6-8801-4E2E-BC16-4CA0A128EAD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.4:p2:*:*:*:*:*:*","matchCriteriaId":"5BB76EC2-1F74-4BB2-B1B5-F3416CDC345B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.4:p3:*:*:*:*:*:*","matchCriteriaId":"1E969575-F171-42B7-B02D-CD494D9F9CE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.4:p4:*:*:*:*:*:*","matchCriteriaId":"6396CC6D-2290-4D98-90FD-498EFDAC690B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.4:p5:*:*:*:*:*:*","matchCriteriaId":"8227C2EC-7C6B-4C91-86FE-FD4892C0D855"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.4:p6:*:*:*:*:*:*","matchCriteriaId":"377CA093-EE7B-4F14-A9D0-62E678EE787E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.5:*:*:*:*:*:*:*","matchCriteriaId":"8A8CECA9-BDE4-4E0D-9D1A-3A8B705736CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.6:*:*:*:*:*:*:*","matchCriteriaId":"37F4CA27-ECDF-4F2B-889B-954C1539DB8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.6.1:*:*:*:*:*:*:*","matchCriteriaId":"A883A1BE-D2F9-43F6-9779-163762DC0BDE"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.6.2:*:*:*:*:*:*:*","matchCriteriaId":"098E2153-D183-4603-AB8E-A424E321CB3C"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.6.3:*:*:*:*:*:*:*","matchCriteriaId":"A2C958A3-01F2-45A6-8F0B-74BE794E06CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.7:*:*:*:*:*:*:*","matchCriteriaId":"6454F4F7-507E-4539-B566-39E5ABD9F3B4"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.7.1:*:*:*:*:*:*:*","matchCriteriaId":"3C19F15E-FBBC-4DEB-9438-DCF5FB9CD366"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.7.2:*:*:*:*:*:*:*","matchCriteriaId":"6E466BA9-460D-4B7E-BD10-9CD072DE8846"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.7.3:*:*:*:*:*:*:*","matchCriteriaId":"F9ECA16B-1AD3-4199-9D01-018DBDA0AD63"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.7.4:*:*:*:*:*:*:*","matchCriteriaId":"6667859B-7297-4BB1-97DB-195037EB71C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.7.5:*:*:*:*:*:*:*","matchCriteriaId":"8C42854C-5241-43A8-9E27-0701CE97BB94"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.7.6:*:*:*:*:*:*:*","matchCriteriaId":"855F7E05-B617-4046-B6E4-7894CD237654"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.7.7:*:*:*:*:*:*:*","matchCriteriaId":"FD6A46DF-3A7F-40EA-B2D6-BBDB8CEF2744"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.7.8:*:*:*:*:*:*:*","matchCriteriaId":"26C09EE5-460F-4169-A372-878E77120204"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.7.9:*:*:*:*:*:*:*","matchCriteriaId":"5205CF45-634B-4994-8CB1-C70B87FFC7D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.8:*:*:*:*:*:*:*","matchCriteriaId":"9AFB9079-79EA-4DC3-9C86-72D90788AB35"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.8.1:*:*:*:*:*:*:*","matchCriteriaId":"8B2ABAC0-D633-43B6-9BA2-E346E8D2BAAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.8.2:*:*:*:*:*:*:*","matchCriteriaId":"A579BF1E-0ECE-4D1F-8849-359626B9F250"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.8.3:*:*:*:*:*:*:*","matchCriteriaId":"9FAE2575-4611-481E-AA37-549B2F528864"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.8.4:*:*:*:*:*:*:*","matchCriteriaId":"F29368AC-C9BA-451B-90DA-CCE8AB291946"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.8.5:*:*:*:*:*:*:*","matchCriteriaId":"81FB30CC-D96B-443A-B1B5-61F207F80B04"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.9:*:*:*:*:*:*:*","matchCriteriaId":"6FF64364-4A8B-4155-9FDA-E4AF655EA826"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.9.1:*:*:*:*:*:*:*","matchCriteriaId":"2E529FDE-1475-4F83-AD75-795AA2CFCE48"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.9.2:*:*:*:*:*:*:*","matchCriteriaId":"FAA3D112-97D4-4605-AAD9-ACD8C1901332"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.9.3:*:*:*:*:*:*:*","matchCriteriaId":"9E44D4B2-F8E6-4D2E-800D-2101C1832261"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.9.4:*:*:*:*:*:*:*","matchCriteriaId":"7565230F-80E8-49F2-BFC9-F33B690AC78D"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.9.5:*:*:*:*:*:*:*","matchCriteriaId":"52DA2099-218B-4588-B381-539307426AB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.9.6:*:*:*:*:*:*:*","matchCriteriaId":"032119F6-768D-42BF-A4B8-2059BFA3AAD8"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.10:*:*:*:*:*:*:*","matchCriteriaId":"45D17CFC-3C6D-4EC1-9FED-2C158AC517C6"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.10.0.3:*:*:*:*:*:*:*","matchCriteriaId":"5DD32447-BADF-4E6B-8745-75202A3AF83B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.10.1:*:*:*:*:*:*:*","matchCriteriaId":"7348FBF0-AD00-4236-9CA0-BA01FD153629"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.10.2:*:*:*:*:*:*:*","matchCriteriaId":"06107483-9738-4C1A-A706-3DE7D9F04E7E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.10.3:*:*:*:*:*:*:*","matchCriteriaId":"B2A91930-6A6C-4B56-99DF-8A06F270AEC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.11.1:*:*:*:*:*:*:*","matchCriteriaId":"6F35A4AC-1FA1-49CA-A465-5E0E6E05AC0B"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.11.2:*:*:*:*:*:*:*","matchCriteriaId":"7CE405EB-E067-464D-86AE-6F0C56C7250E"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.11.3:*:*:*:*:*:*:*","matchCriteriaId":"FA6C72AC-9EDB-4BB4-8C7F-BA1F886939EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.11.4:*:*:*:*:*:*:*","matchCriteriaId":"DDD57193-65DC-4AFC-96C0-725AC176E7F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.12:*:*:*:*:*:*:*","matchCriteriaId":"C64F490F-2837-4A97-BA1E-6E796B8B4F27"},{"vulnerable":true,"criteria":"cpe:2.3:a:gnu:automake:1.12.1:*:*:*:*:*:*:*","matchCriteriaId":"1CE494CF-6DD2-451E-B9F4-A102B06B9183"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2012","CveId":"3386","Ordinal":"1","Title":"CVE-2012-3386","CVE":"CVE-2012-3386","Year":"2012"},"notes":[{"CveYear":"2012","CveId":"3386","Ordinal":"1","NoteData":"The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.","Type":"Description","Title":"CVE-2012-3386"},{"CveYear":"2012","CveId":"3386","Ordinal":"2","NoteData":"2012-08-07","Type":"Other","Title":"Published"},{"CveYear":"2012","CveId":"3386","Ordinal":"3","NoteData":"2012-12-19","Type":"Other","Title":"Modified"}]}}}