Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability 9475

GNU M4: file modification via dist and distcheck

Synthesis of the vulnerability

When the dist and distcheck targets of GNU M4 are used, a local attacker can alter a file.
Severity: 2/4.
Creation date: 25/02/2010.

Description of the vulnerability

The GNU M4 program generates files from macros.

However, GNU M4 can use a vulnerable version of GNU Automake (VIGILANCE-VUL-9302).

When the dist and distcheck targets of GNU M4 are used, a local attacker can therefore alter a file.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: GNU M4: file modification via dist and distcheck.
Keywords: Automake GNU dist distcheck file modification.
Identifiers: VIGILANCE-VUL-9475.

Information sources

Publications and announces

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerability bulletins



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française