CVE - CVE-2009-3736

CVE-ID
CVE-2009-3736	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:37128 URL:http://www.securityfocus.com/bid/37128 CONFIRM:ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz CONFIRM:http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec CONFIRM:http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 CONFIRM:http://support.avaya.com/css/P8/documents/100074869 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=537941 FEDORA:FEDORA-2009-12813 URL:https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html FEDORA:FEDORA-2010-1872 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html FEDORA:FEDORA-2010-1924 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html FEDORA:FEDORA-2011-1958 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html FEDORA:FEDORA-2011-1967 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html FEDORA:FEDORA-2011-1990 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html GENTOO:GLSA-201311-10 URL:http://security.gentoo.org/glsa/glsa-201311-10.xml MANDRIVA:MDVSA-2009:307 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:307~~ (Obsolete source) MANDRIVA:MDVSA-2010:035 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:035~~ (Obsolete source) MANDRIVA:MDVSA-2010:091 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:091~~ (Obsolete source) MANDRIVA:MDVSA-2010:105 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:105~~ (Obsolete source) MLIST:[libtool] 20091116 Backport of libltdl changes to branch-1-5 URL:http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html MLIST:[libtool] 20091116 GNU Libtool 2.2.6b released URL:http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html OVAL:oval:org.mitre.oval:def:11687 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687 OVAL:oval:org.mitre.oval:def:6951 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951 REDHAT:RHSA-2010:0039 URL:http://www.redhat.com/support/errata/RHSA-2010-0039.html REDHAT:RHSA-2010:0095 URL:https://rhn.redhat.com/errata/RHSA-2010-0095.html SECUNIA:37414 URL:http://secunia.com/advisories/37414 SECUNIA:37489 URL:http://secunia.com/advisories/37489 SECUNIA:37997 URL:http://secunia.com/advisories/37997 SECUNIA:38190 URL:http://secunia.com/advisories/38190 SECUNIA:38577 URL:http://secunia.com/advisories/38577 SECUNIA:38617 URL:http://secunia.com/advisories/38617 SECUNIA:38696 URL:http://secunia.com/advisories/38696 SECUNIA:38915 URL:http://secunia.com/advisories/38915 SECUNIA:39299 URL:http://secunia.com/advisories/39299 SECUNIA:39347 URL:http://secunia.com/advisories/39347 SECUNIA:43617 URL:http://secunia.com/advisories/43617 SECUNIA:55721 URL:http://secunia.com/advisories/55721 SUSE:SUSE-SR:2010:006 URL:http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html VUPEN:ADV-2011-0574 URL:~~http://www.vupen.com/english/advisories/2011/0574~~ (Obsolete source)
Assigning CNA
CERT/CC
Date Record Created
20091022	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091022)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)