[Sec-cert] [Sun] Vulnerability in Automake up to and including version 1.11.1 - Sun Alert 275650

WiN Site Security Contacts win-sec-ssc at lists.dfn-cert.de
Mon Jan 25 12:32:36 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear colleagues,

We have just received the following Sun Security Advisory. We are
passing this information on to you unchanged.

CVE-2009-4029 - Race condition in Make targets generated by Automake

  The "dist" and "distcheck" Make targets generated by Automake
  (briefly) give directories in the build tree read and write
  permissions for everyone (0777). Local attackers can exploit this
  vulnerability to modify files in the build tree, e.g. to inject
  malicious code.

The following software packages and platforms are affected:

  Package SUNWgnu-automake

  SPARC platform
  * OpenSolaris based on builds snv_71 through snv_131

  x86 platform
  * OpenSolaris based on builds snv_71 through snv_131

The vendor provides updated packages.

Vendor advisory:
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-275650-1


(c) of the German summary: DFN-CERT Services GmbH; distribution,
including in part, is permitted only with attribution to the author,
DFN-CERT Services GmbH, and only for non-commercial purposes.

Kind regards,
		Klaus Moeller, DFN-CERT

- -- 
Dipl. Inform. Klaus Moeller (Incident Response Team)
Phone: +49 40 808077-555, Fax: +49 40 808077-556

DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-555
Registered office / register: Hamburg, AG Hamburg, HRB 88805,  VAT ID:  DE 232129737
Sachsenstraße 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

17th DFN Workshop    "Sicherheit in vernetzten Systemen"    09./10.02.2010
Information at https://www.dfn-cert.de/veranstaltungen/workshop.html

Alert URL: http://sunsolve.sun.com/search/document.do?assetkey=1-66-275650-1
Sun Security Alert: 275650

   A Race Condition Security Vulnerability in the OpenSolaris "automake"
   Utility may Allow Modification of Package Files or Execution of
   Arbitrary Code
    __________________________________________________________________

   Category :                 Security
   Release Phase :            Resolved
   Bug Id :                   6906268
   Product :                  OpenSolaris
   Date of Resolved Release : 22-Jan-2010

GNU "Automake" contains a race condition security vulnerability:

   1. Impact
   GNU Automake is a tool for automatically generating "Makefile.in" files
   compliant with the GNU Coding Standards. GNU Automake contains a race
   condition security vulnerability that may allow a local unprivileged
   user to make unauthorized changes to package files or execute arbitrary
   code with the privileges of another local user when that user is
   running the "dist" and "distcheck" targets.
   This issue is also described in the following document:
     * CVE-2009-4029 at:
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4029
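The DFN-CERT summary above says the "dist" and "distcheck" targets briefly make build-tree directories 0777, and the Impact section says a local user can use that window to alter package files. The following shell script is an added example, not code from the Sun Alert, from DFN-CERT or from Automake itself: it reproduces the permission sweep in a scratch directory, contrasts it with an owner-only sweep, and adds a grep-based audit for generated Makefiles. The exact pre-fix find/chmod idiom is recalled from the Automake 1.10/1.11 sources and is an assumption here; the Makefile fragments are constructed for the audit, not real Automake output.

```shell
#!/bin/sh
# Added example, not code from the Sun Alert or from Automake itself.
# Reproduces the permission pattern behind CVE-2009-4029 in a scratch
# directory: the pre-fix "dist" rule made every directory of the
# distribution tree world-writable (mode 0777) with a find/chmod sweep;
# the fixed rule grants write access to the owner only. The pre-fix
# command below is recalled from the Automake 1.10/1.11 sources and is
# an assumption, not quoted from the page.

# Build a small constructed distribution tree under $1. Directory modes
# are set explicitly so the demo does not depend on the caller's umask.
make_tree() {
    mkdir -p "$1/distdir/sub/deep"
    echo 'int main(void) { return 0; }' > "$1/distdir/sub/main.c"
    find "$1/distdir" -type d -exec chmod 755 {} \;
}

# Vulnerable sweep: every directory not already 0777 becomes 0777, so any
# local user can drop or replace files until the tarball is packed.
vuln_fixup() {
    find "$1" -type d ! -perm -777 -exec chmod a+rwx {} \;
}

# Hardened sweep (the spirit of the Automake 1.10.3 / 1.11.1 fix):
# owner gets rwx, group and others only rx.
safe_fixup() {
    find "$1" -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \;
}

# Count directories under $1 writable by "other" (-perm -002 is POSIX
# find syntax, so this also works without GNU stat). Prints the count.
world_writable_dirs() {
    find "$1" -type d -perm -002 | wc -l | tr -d ' '
}

# Audit a Makefile or Makefile.in for world-writable chmod idioms.
# Returns 0 when a suspicious line is present, 1 otherwise.
audit_makefile() {
    grep -E -q \
        -e 'chmod[[:space:]]+(-R[[:space:]]+)?a\+(w|rwx)' \
        -e '-perm[[:space:]]+-777' \
        "$1"
}

# Write a constructed Makefile fragment (not real Automake output):
# $1 is "vuln" or "safe", $2 the file to write.
sample_makefile() {
    if [ "$1" = vuln ]; then
        cat > "$2" <<'EOF'
distdir:
	-find $(distdir) -type d ! -perm -777 -exec chmod a+rwx {} \;
distcheck:
	chmod -R a-w $(distdir); chmod a+w $(distdir)
EOF
    else
        cat > "$2" <<'EOF'
distdir:
	-find $(distdir) -type d ! -perm -755 -exec chmod u+rwx,go+rx {} \;
distcheck:
	chmod -R a-w $(distdir); chmod u+w $(distdir)
EOF
    fi
}

# Stand-alone demonstration in a temporary directory.
demo_dir=$(mktemp -d)
make_tree "$demo_dir"
vuln_fixup "$demo_dir/distdir"
echo "after vulnerable sweep: $(world_writable_dirs "$demo_dir/distdir") world-writable dirs"
find "$demo_dir/distdir" -type d -exec chmod 755 {} \;
safe_fixup "$demo_dir/distdir"
echo "after hardened sweep:   $(world_writable_dirs "$demo_dir/distdir") world-writable dirs"
sample_makefile vuln "$demo_dir/vuln.mk"
sample_makefile safe "$demo_dir/safe.mk"
audit_makefile "$demo_dir/vuln.mk" && echo "vuln.mk: world-writable chmod idiom found"
audit_makefile "$demo_dir/safe.mk" || echo "safe.mk: clean"
rm -rf "$demo_dir"
```

The audit function is the practical check: run it over the Makefile.in files of any package you build from a tarball produced on an unpatched host, because the generated rules travel with the distribution and are not repaired by upgrading the local automake package alone.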

   2. Contributing Factors
   This issue can occur in the following releases:
   SPARC Platform
     * OpenSolaris based upon builds snv_71 through snv_131

   x86 Platform
     * OpenSolaris based upon builds snv_71 through snv_131

   Note 1: Solaris 8, 9 and 10 are not impacted by this issue.
   Note 2: This vulnerability only affects OpenSolaris systems that have
   installed the Automake package (package names beginning with
   SUNWgnu-automake). The SUNWgnu-automake package is not installed by
   default. To determine whether the SUNWgnu-automake package is
   installed, the following command can be run:
    $ pkg list 'SUNWgnu-automake*'
    NAME (PUBLISHER)        VERSION         STATE      UFOXI
    SUNWgnu-automake-110    1.10-0.129      installed  u----
    SUNWgnu-automake-19     1.9.6-0.129     installed  u----

   Note 3: OpenSolaris distributions may include additional bug fixes
   above and beyond the build from which they were derived. To determine
   the base build of OpenSolaris, the following command can be used:
    $ uname -v
    snv_86
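Notes 2 and 3 describe two manual checks (package installed, base build in the affected range). The script below is an added example, not part of the Sun Alert, that turns them into functions you can run from an inventory job. It assumes "uname -v" on OpenSolaris prints "snv_NNN" as shown above and that "pkg list" uses the columns NAME (PUBLISHER), VERSION, STATE, UFOXI; the sample output embedded in it is a constructed copy of the page's example, not captured from a live system.

```shell
#!/bin/sh
# Added example, not from the Sun Alert: automates the checks in Note 2
# and Note 3. Assumptions: "uname -v" prints "snv_NNN" on OpenSolaris,
# and "pkg list" output has the columns NAME (PUBLISHER), VERSION, STATE,
# UFOXI. The sample output below is constructed, not captured.

# Extract the numeric build from a "snv_NNN" string; prints nothing if
# the string is not an OpenSolaris build identifier (e.g. "5.11").
build_number() {
    printf '%s\n' "$1" | sed -n 's/^snv_\([0-9][0-9]*\).*/\1/p'
}

# Return 0 if the build lies in the affected range snv_71 .. snv_131.
build_affected() {
    n=$(build_number "$1")
    [ -n "$n" ] && [ "$n" -ge 71 ] && [ "$n" -le 131 ]
}

# Read "pkg list" output on stdin; return 0 if any SUNWgnu-automake
# package is in state "installed". The STATE column is matched on the
# whole line, so a publisher suffix after the name does not break it.
automake_installed() {
    awk '/^SUNWgnu-automake/ && /[[:space:]]installed[[:space:]]/ { found = 1 }
         END { exit (found ? 0 : 1) }'
}

# Affected only if the package is present AND the base build is in
# range. Arguments: build string, file containing "pkg list" output.
system_affected() {
    build_affected "$1" && automake_installed < "$2"
}

# Constructed sample mirroring the page's example output.
sample_pkg_list() {
    cat <<'EOF'
NAME (PUBLISHER)        VERSION         STATE      UFOXI
SUNWgnu-automake-110    1.10-0.129      installed  u----
SUNWgnu-automake-19     1.9.6-0.129     installed  u----
EOF
}

# Stand-alone run against the constructed data. On a real OpenSolaris
# host use "$(uname -v)" and "pkg list 'SUNWgnu-automake*'" instead.
tmp=$(mktemp)
sample_pkg_list > "$tmp"
for b in snv_86 snv_132 5.11; do
    if system_affected "$b" "$tmp"; then
        echo "$b: affected, update to snv_132 or later, or build automake 1.10.3/1.11.1"
    else
        echo "$b: not affected by CVE-2009-4029"
    fi
done
rm -f "$tmp"
```

Because the race is in the Makefile rules that Automake generates, an unaffected build number only tells you the local tool is fixed; source trees configured with an older automake still carry the old rules until they are regenerated.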


   3. Symptoms
   There are no predictable symptoms that would indicate the described
   issue has been exploited.

   4. Workaround
   To work around the described issue, download and build a newer version
   of automake (1.10.3, 1.11.1 or later). For example 1.10.3 can be
   obtained from:
    ftp://ftp.gnu.org/gnu/automake/automake-1.10.3.tar.gz

   5. Resolution
   This issue is resolved in the following releases:
   SPARC Platform
     * OpenSolaris based upon builds snv_132 or later

   x86 Platform
     * OpenSolaris based upon builds snv_132 or later

   For more information on Security Sun Alerts, see Technical Instruction
   ID 213557.

   This Sun Alert notification is being provided to you on an "AS IS"
   basis. This Sun Alert notification may contain information provided by
   third parties. The issues described in this Sun Alert notification may
   or may not impact your system(s). Sun makes no representations,
   warranties, or guarantees as to the information contained herein. ANY
   AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION
   WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
   NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU
   ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT,
   INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT
   OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This
   Sun Alert notification contains Sun proprietary and confidential
   information. It is being provided to you pursuant to the provisions of
   your agreement to purchase services from Sun, or, if you do not have
   such an agreement, the Sun.com Terms of Use. This Sun Alert
   notification may only be used for the purposes contemplated by these
   agreements.
   Copyright 2000-2010 Sun Microsystems, Inc., 4150 Network Circle, Santa
   Clara, CA 95054 U.S.A. All rights reserved.




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFLXYFUWmhIvjFb90URAtNGAJ4yIhj4Q4k6DNwtSz6QFaP/2vl++QCeL+ZM
bSI+pfkrSF2jfP+lSHJhbWI=
=lDK5
-----END PGP SIGNATURE-----



More information about the Sec-cert mailing list