GNU Automake Insecure Temporary Directory Creation Symbolic Link Vulnerability

It has been reported that GNU Automake may be prone to a symbolic link vulnerability that may allow an attacker to modify data or gain elevated privileges on a vulnerable system. This issue results due to insecure creation of directories during compilation. The attacker may potentially create symbolic links in the place of files contained in the affected directories, which may potentially lead to elevated privileges due to modification of data.

GNU Automake versions prior to 1.8.3 are reported to be affected by this vulnerability.


Privacy Statement
Copyright 2010, SecurityFocus