Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-3736

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

Published

2009-11-29T13:07:52.030

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	libtool	1.5	Yes
Application	gnu	libtool	1.5.2	Yes
Application	gnu	libtool	1.5.4	Yes
Application	gnu	libtool	1.5.6	Yes
Application	gnu	libtool	1.5.8	Yes
Application	gnu	libtool	1.5.10	Yes
Application	gnu	libtool	1.5.12	Yes
Application	gnu	libtool	1.5.14	Yes
Application	gnu	libtool	1.5.16	Yes
Application	gnu	libtool	1.5.18	Yes
Application	gnu	libtool	1.5.20	Yes
Application	gnu	libtool	1.5.22	Yes
Application	gnu	libtool	1.5.24	Yes
Application	gnu	libtool	1.5.26	Yes
Application	gnu	libtool	2.2.6a	Yes

References

ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz Patch ([email protected])
http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec Patch ([email protected])
http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup ([email protected])
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html ([email protected])
http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html Patch ([email protected])
http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html Patch ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html ([email protected])
http://secunia.com/advisories/37414 Vendor Advisory ([email protected])
http://secunia.com/advisories/37489 Vendor Advisory ([email protected])
http://secunia.com/advisories/37997 ([email protected])
http://secunia.com/advisories/38190 ([email protected])
http://secunia.com/advisories/38577 ([email protected])
http://secunia.com/advisories/38617 ([email protected])
http://secunia.com/advisories/38696 ([email protected])
http://secunia.com/advisories/38915 ([email protected])
http://secunia.com/advisories/39299 ([email protected])
http://secunia.com/advisories/39347 ([email protected])
http://secunia.com/advisories/43617 ([email protected])
http://secunia.com/advisories/55721 ([email protected])
http://security.gentoo.org/glsa/glsa-201311-10.xml ([email protected])
http://support.avaya.com/css/P8/documents/100074869 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2009:307 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:035 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:091 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:105 ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0039.html ([email protected])
http://www.securityfocus.com/bid/37128 Patch ([email protected])
http://www.vupen.com/english/advisories/2011/0574 ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=537941 Patch ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951 ([email protected])
https://rhn.redhat.com/errata/RHSA-2010-0095.html ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html ([email protected])
ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz Patch (af854a3a-2127-422b-91ae-364da2661108)
http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec Patch (af854a3a-2127-422b-91ae-364da2661108)
http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup (af854a3a-2127-422b-91ae-364da2661108)
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37414 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37489 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37997 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38190 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38577 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38617 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38696 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38915 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39299 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39347 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43617 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/55721 (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201311-10.xml (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/css/P8/documents/100074869 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:307 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:035 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:091 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:105 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0039.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/37128 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0574 (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=537941 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951 (af854a3a-2127-422b-91ae-364da2661108)
https://rhn.redhat.com/errata/RHSA-2010-0095.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html (af854a3a-2127-422b-91ae-364da2661108)