National Cyber Awareness System

Vulnerability Summary for CVE-2009-3736

Overview

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=537941

Type: Patch Information

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=537941

External Source: BID

Name: 37128

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/37128

External Source: MLIST

Name: [libtool] 20091116 Backport of libltdl changes to branch-1-5

Type: Patch Information

Hyperlink:http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html

External Source: MLIST

Name: [libtool] 20091116 GNU Libtool 2.2.6b released

Type: Patch Information

Hyperlink:http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html

External Source: CONFIRM

Name: http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec

Type: Patch Information

Hyperlink:http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec

External Source: CONFIRM

Name: ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz

Type: Patch Information

Hyperlink:ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz

External Source: FEDORA

Name: FEDORA-2009-12813

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html

External Source: REDHAT

Name: RHSA-2010:0095

Hyperlink:https://rhn.redhat.com/errata/RHSA-2010-0095.html

External Source: VUPEN

Name: ADV-2011-0574

Hyperlink:http://www.vupen.com/english/advisories/2011/0574

External Source: REDHAT

Name: RHSA-2010:0039

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0039.html

External Source: MANDRIVA

Name: MDVSA-2010:105

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:105

External Source: MANDRIVA

Name: MDVSA-2010:091

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:091

External Source: MANDRIVA

Name: MDVSA-2010:035

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:035

External Source: MANDRIVA

Name: MDVSA-2009:307

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:307

External Source: CONFIRM

Name: http://support.avaya.com/css/P8/documents/100074869

Hyperlink:http://support.avaya.com/css/P8/documents/100074869

External Source: SECUNIA

Name: 43617

Hyperlink:http://secunia.com/advisories/43617

External Source: SECUNIA

Name: 39347

Hyperlink:http://secunia.com/advisories/39347

External Source: SECUNIA

Name: 39299

Hyperlink:http://secunia.com/advisories/39299

External Source: SECUNIA

Name: 38915

Hyperlink:http://secunia.com/advisories/38915

External Source: SECUNIA

Name: 38696

Hyperlink:http://secunia.com/advisories/38696

External Source: SECUNIA

Name: 38617

Hyperlink:http://secunia.com/advisories/38617

External Source: SECUNIA

Name: 38577

Hyperlink:http://secunia.com/advisories/38577

External Source: SECUNIA

Name: 38190

Hyperlink:http://secunia.com/advisories/38190

External Source: SECUNIA

Name: 37997

Hyperlink:http://secunia.com/advisories/37997

External Source: SECUNIA

Name: 37489

Type: Advisory

Hyperlink:http://secunia.com/advisories/37489

External Source: SECUNIA

Name: 37414

Type: Advisory

Hyperlink:http://secunia.com/advisories/37414

External Source: OVAL

Name: oval:org.mitre.oval:def:6951

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6951

External Source: OVAL

Name: oval:org.mitre.oval:def:11687

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11687

External Source: SUSE

Name: SUSE-SR:2010:006

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

External Source: FEDORA

Name: FEDORA-2011-1967

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html

External Source: FEDORA

Name: FEDORA-2011-1958

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html

External Source: FEDORA

Name: FEDORA-2011-1990

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html

External Source: FEDORA

Name: FEDORA-2010-1924

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html

External Source: FEDORA

Name: FEDORA-2010-1872

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html

External Source: CONFIRM

Name: http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup

Hyperlink:http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup

References to Check Content

Identifier:oval:org.mitre.oval:def:11687

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:11687

Identifier:oval:org.mitre.oval:def:6951

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:6951