CVE-2009-3736
published 2009-11-29CVE-2009-3736: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la…
PriorityP420medium6.9CVSS 2.0
AVLACMAuNCCICAC
EPSS
0.39%
31.3th percentile
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Affected
80 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clamav | clamav | >= 0 < 0.95+dfsg-1 | 0.95+dfsg-1 |
| clamav | clamav | >= 0 < 0.95+dfsg-1 | 0.95+dfsg-1 |
| clamav | clamav | >= 0 < 0.95+dfsg-1 | 0.95+dfsg-1 |
| clamav | clamav | >= 0 < 0.95+dfsg-1 | 0.95+dfsg-1 |
| collectd | collectd | >= 0 < 4.8.2-1 | 4.8.2-1 |
| collectd | collectd | >= 0 < 4.8.2-1 | 4.8.2-1 |
| collectd | collectd | >= 0 < 4.8.2-1 | 4.8.2-1 |
| collectd | collectd | >= 0 < 4.8.2-1 | 4.8.2-1 |
| debian | bochs | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | clamav | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | collectd | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | ggobi | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | gnu-smalltalk | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | graphicsmagick | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | graphviz | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | hamlib | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | heartbeat | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | hercules | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | hypre | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | imagemagick | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | jags | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | lam | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | libextractor | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | libmcrypt | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
| debian | libprelude | < clamav 0.95+dfsg-1 (bookworm) | clamav 0.95+dfsg-1 (bookworm) |
CVSS provenance
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv6.9MEDIUM
vendor_debian6.9LOW
vendor_redhat6.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
libtool: libltdl may load and execute code from a library in the current directory
vendor_redhat·2009-11-16·CVSS 6.9
CVE-2009-3736 [MEDIUM] libtool: libltdl may load and execute code from a library in the current directory
libtool: libltdl may load and execute code from a library in the current directory
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Package: guile (Red Hat Enterprise Linux 4) - Not affected
Package: gcc44 (Red Hat Enterprise Linux 5) - Will not fix
Package: guile (Red Hat Enterprise Linux 5) - Will not fix
Package: guile (Red Hat Enterprise Linux 6) - Will not fix
Package: libtool (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2009-3736: bochs - ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham ...
vendor_debian·2009·CVSS 6.9
CVE-2009-3736 [MEDIUM] CVE-2009-3736: bochs - ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham ...
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-xpcw-5x35-jv4r: ltdl
ghsa_unreviewed·2022-05-03
CVE-2009-3736 [MEDIUM] GHSA-xpcw-5x35-jv4r: ltdl
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
OSV
CVE-2009-3736: ltdl
osv·2009-11-29·CVSS 6.9
CVE-2009-3736 [MEDIUM] CVE-2009-3736: ltdl
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory [Fedora all]
bugzilla·2010-02-11·CVSS 6.9
CVE-2009-3736 [MEDIUM] CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory [Fedora all]
CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory [Fedora all]
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions.
For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in "Blocks" field.
bug #537941:
CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory
When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_
Bugzilla
CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory
bugzilla·2009-11-16·CVSS 6.9
CVE-2009-3736 [MEDIUM] CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory
CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory
CERT reported a vulnerability in libltdl (part of libtool) where it could, in some cases, load and execute code from a library in the current directory (or the system's shared library search path) instead of the library that was requested with an absolute path. Systems which don't enforce specific naming for loadable objects, or which search for loadable objects in insecure directories (such as the current working directory), or don't require that loadable objects be signed in some way or have ttheir execute bits set, are particularly vulnerable, and are trivial to exploit via an uploaded file.
All versions of libtool are vulnerable to this issue; 2.2.6b was released which corrects it. CERT i
ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gzhttp://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7echttp://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markuphttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.htmlhttp://lists.gnu.org/archive/html/libtool/2009-11/msg00059.htmlhttp://lists.gnu.org/archive/html/libtool/2009-11/msg00065.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.htmlhttp://secunia.com/advisories/37414http://secunia.com/advisories/37489http://secunia.com/advisories/37997http://secunia.com/advisories/38190http://secunia.com/advisories/38577http://secunia.com/advisories/38617http://secunia.com/advisories/38696http://secunia.com/advisories/38915http://secunia.com/advisories/39299http://secunia.com/advisories/39347http://secunia.com/advisories/43617http://secunia.com/advisories/55721http://security.gentoo.org/glsa/glsa-201311-10.xmlhttp://support.avaya.com/css/P8/documents/100074869http://www.mandriva.com/security/advisories?name=MDVSA-2009:307http://www.mandriva.com/security/advisories?name=MDVSA-2010:035http://www.mandriva.com/security/advisories?name=MDVSA-2010:091http://www.mandriva.com/security/advisories?name=MDVSA-2010:105http://www.redhat.com/support/errata/RHSA-2010-0039.htmlhttp://www.securityfocus.com/bid/37128http://www.vupen.com/english/advisories/2011/0574https://bugzilla.redhat.com/show_bug.cgi?id=537941https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951https://rhn.redhat.com/errata/RHSA-2010-0095.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.htmlftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gzhttp://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7echttp://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markuphttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.htmlhttp://lists.gnu.org/archive/html/libtool/2009-11/msg00059.htmlhttp://lists.gnu.org/archive/html/libtool/2009-11/msg00065.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.htmlhttp://secunia.com/advisories/37414http://secunia.com/advisories/37489http://secunia.com/advisories/37997http://secunia.com/advisories/38190http://secunia.com/advisories/38577http://secunia.com/advisories/38617http://secunia.com/advisories/38696http://secunia.com/advisories/38915http://secunia.com/advisories/39299http://secunia.com/advisories/39347http://secunia.com/advisories/43617http://secunia.com/advisories/55721http://security.gentoo.org/glsa/glsa-201311-10.xmlhttp://support.avaya.com/css/P8/documents/100074869http://www.mandriva.com/security/advisories?name=MDVSA-2009:307http://www.mandriva.com/security/advisories?name=MDVSA-2010:035http://www.mandriva.com/security/advisories?name=MDVSA-2010:091http://www.mandriva.com/security/advisories?name=MDVSA-2010:105http://www.redhat.com/support/errata/RHSA-2010-0039.htmlhttp://www.securityfocus.com/bid/37128http://www.vupen.com/english/advisories/2011/0574https://bugzilla.redhat.com/show_bug.cgi?id=537941https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951https://rhn.redhat.com/errata/RHSA-2010-0095.htmlhttps://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html
2009-11-29
Published