FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-3736

This CVE name corresponds to:

Entered Topic
2009-11-28 libtool -- Library Search Path Privilege Escalation Issue

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-3736
Phase Assigned (20091022)

Description

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

References

Source Reference
MLIST [libtool] 20091116 Backport of libltdl changes to branch-1-5
MLIST [libtool] 20091116 GNU Libtool 2.2.6b released
CONFIRM ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz
CONFIRM http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=537941
CONFIRM http://support.avaya.com/css/P8/documents/100074869
CONFIRM http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup
FEDORA FEDORA-2010-1872
FEDORA FEDORA-2010-1924
FEDORA FEDORA-2009-12813
FEDORA FEDORA-2011-1958
FEDORA FEDORA-2011-1967
FEDORA FEDORA-2011-1990
GENTOO GLSA-201311-10
MANDRIVA MDVSA-2009:307
MANDRIVA MDVSA-2010:035
MANDRIVA MDVSA-2010:091
MANDRIVA MDVSA-2010:105
REDHAT RHSA-2010:0095
REDHAT RHSA-2010:0039
SUSE SUSE-SR:2010:006
BID 37128
OVAL oval:org.mitre.oval:def:11687
OVAL oval:org.mitre.oval:def:6951
SECUNIA 37414
SECUNIA 37489
SECUNIA 38577
SECUNIA 38617
SECUNIA 38696
SECUNIA 38915
SECUNIA 38190
SECUNIA 39299
SECUNIA 39347
SECUNIA 37997
SECUNIA 43617
SECUNIA 55721
VUPEN ADV-2011-0574