CVSS2: AV:L/AC:M/Au:N/C:C/I:C/A:C
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS Percentile: 10.1%
CentOS Errata and Security Advisory CESA-2009:1646

GNU Libtool is a set of shell scripts which automatically configure UNIX,
Linux, and similar operating systems to generically build shared libraries.

A flaw was found in the way GNU Libtool's libltdl library looked for
modules to load. It was possible for libltdl to load and run modules from
an arbitrary library in the current working directory. If a local attacker
could trick a local user into running an application (which uses libltdl)
from an attacker-controlled directory containing a malicious Libtool
control file (.la), the attacker could possibly execute arbitrary code with
the privileges of the user running the application. (CVE-2009-3736)

All libtool users should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the updated
packages, applications using the libltdl library must be restarted for the
update to take effect.
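
A check for the restart requirement above, as an added example that is not part of the advisory: it lists processes that still map a libltdl copy replaced on disk. The function names, the optional `PROC_ROOT` argument, and the sample paths and PIDs are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of CESA-2009:1646.
# Lists PIDs that still map a libltdl copy that was replaced on disk, i.e.
# processes that have not been restarted since the package update.

# stale_libltdl_pids [PROC_ROOT]
# PROC_ROOT defaults to /proc; the parameter exists so the function can be
# exercised on a constructed tree.
stale_libltdl_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # A mapping whose backing file was unlinked (as happens when a
        # package update replaces the library) is listed with a trailing
        # " (deleted)" marker.
        if grep -Eq 'libltdl[^ ]*\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done
}

# Constructed sample data: three fake processes under DIR.
make_sample_proc() {
    dir="$1"
    mkdir -p "$dir/101" "$dir/202" "$dir/303"
    # 101: started before the update, still maps the old (unlinked) library
    printf '%s\n' \
        '08048000-08056000 r-xp 00000000 08:02 4411 /usr/bin/sampleapp' \
        '00a3c000-00a43000 r-xp 00000000 08:02 9912 /usr/lib/libltdl.so.3.1.0 (deleted)' \
        > "$dir/101/maps"
    # 202: restarted after the update, maps the current library
    printf '%s\n' \
        '08048000-08056000 r-xp 00000000 08:02 4411 /usr/bin/sampleapp' \
        '00b10000-00b17000 r-xp 00000000 08:02 9950 /usr/lib/libltdl.so.3.1.0' \
        > "$dir/202/maps"
    # 303: does not use libltdl at all
    printf '%s\n' \
        '08048000-08060000 r-xp 00000000 08:02 5120 /usr/bin/otherapp' \
        > "$dir/303/maps"
}

# Demo run over the constructed tree.
demo_root=$(mktemp -d)
make_sample_proc "$demo_root"
stale_libltdl_pids "$demo_root"
rm -rf "$demo_root"
```

Called with no argument as root, `stale_libltdl_pids` scans the live `/proc`; without root, the maps files of other users' processes are typically unreadable and are skipped.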
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-December/078516.html
https://lists.centos.org/pipermail/centos-announce/2009-December/078517.html
https://lists.centos.org/pipermail/centos-announce/2009-December/078520.html
https://lists.centos.org/pipermail/centos-announce/2009-December/078521.html
https://lists.centos.org/pipermail/centos-announce/2009-December/078544.html
https://lists.centos.org/pipermail/centos-announce/2009-December/078545.html
Affected packages:
libtool
libtool-libs
libtool-ltdl
libtool-ltdl-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1646
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | libtool | < 1.4.3-7 | libtool-1.4.3-7.i386.rpm |
CentOS | 3 | i386 | libtool-libs | < 1.4.3-7 | libtool-libs-1.4.3-7.i386.rpm |
CentOS | 3 | x86_64 | libtool | < 1.4.3-7 | libtool-1.4.3-7.x86_64.rpm |
CentOS | 3 | x86_64 | libtool-libs | < 1.4.3-7 | libtool-libs-1.4.3-7.x86_64.rpm |