ID | CVE-2009-3736 |
Summary |
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:gnu:libtool:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.22:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.24:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:1.5.26:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:libtool:2.2.6a:*:*:*:*:*:*:*
|
CVSS |
Base: | 6.9 (as of 19-09-2017 - 01:29) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL | MEDIUM | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE | COMPLETE | COMPLETE |
|
cvss-vector
via4
|
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
oval
via4
|
accepted | 2013-04-29T04:15:19.827-04:00 |
class | vulnerability |
contributors |
- name | Aharon Chernin | organization | SCAP.com, LLC |
- name | Dragos Prisaca | organization | G2, Inc. |
definition_extensions |
- comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | oval | oval:org.mitre.oval:def:11782 |
- comment | CentOS Linux 3.x | oval | oval:org.mitre.oval:def:16651 |
- comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
- comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
- comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
- comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
- comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
- comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
description | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. |
family | unix |
id | oval:org.mitre.oval:def:11687 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. |
version | 31 |

accepted | 2014-01-20T04:01:30.438-05:00 |
class | vulnerability |
contributors |
- name | J. Daniel Brown | organization | DTCC |
- name | Chris Coffin | organization | The MITRE Corporation |
definition_extensions |
- comment | VMware ESX Server 4.0 is installed | oval | oval:org.mitre.oval:def:6293 |
description | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. |
family | unix |
id | oval:org.mitre.oval:def:6951 |
status | accepted |
submitted | 2010-06-01T17:30:00.000-05:00 |
title | GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability |
version | 9 |
|
redhat
via4
|
|
refmap
via4
|
bid | 37128 |
confirm | |
fedora |
- FEDORA-2009-12813
- FEDORA-2010-1872
- FEDORA-2010-1924
- FEDORA-2011-1958
- FEDORA-2011-1967
- FEDORA-2011-1990
gentoo | GLSA-201311-10 |
mandriva |
- MDVSA-2009:307
- MDVSA-2010:035
- MDVSA-2010:091
- MDVSA-2010:105
mlist |
- [libtool] 20091116 Backport of libltdl changes to branch-1-5
- [libtool] 20091116 GNU Libtool 2.2.6b released
secunia |
- 37414
- 37489
- 37997
- 38190
- 38577
- 38617
- 38696
- 38915
- 39299
- 39347
- 43617
- 55721
suse | SUSE-SR:2010:006 |
vupen | ADV-2011-0574 |
|
Last major update | 19-09-2017 - 01:29 |
Published | 29-11-2009 - 13:07 |
Last modified | 19-09-2017 - 01:29 |