CVE-2009-3736 — Libtool vulnerability

7 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 68.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Collectd GNU Libextractor +35 more

Timeline

PublishedNov 29

Latest updateMay 3

Description

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages39 packages

▶debiandebian/libtool< clamav 0.95+dfsg-1 (bookworm)

▶debiandebian/openmpi< clamav 0.95+dfsg-1 (bookworm)

▶Debiangnu/libtool< 2.2.6b-1+3

▶NVDgnu/libtool15 versions+14

▶debiandebian/lam< clamav 0.95+dfsg-1 (bookworm)

Patches

Patch: ftp.gnu.org ↗Patch: git.savannah.gnu.org ↗Patch: lists.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-xpcw-5x35-jv4r: ltdl↗2022-05-03

▶

OSV

CVE-2009-3736: ltdl↗2009-11-29

▶

📋Vendor Advisories

Red Hat

libtool: libltdl may load and execute code from a library in the current directory↗2009-11-16

▶

Debian

CVE-2009-3736: bochs - ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham ...↗2009

▶

💬Community

Bugzilla

CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory [Fedora all]↗2010-02-11

▶

Bugzilla

CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory↗2009-11-16

▶