Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2009:1646
HistoryDec 08, 2009 - 10:18 p.m.

libtool security update

2009-12-0822:18:58
CentOS Project
lists.centos.org
61

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

10.1%

JSON

CentOS Errata and Security Advisory CESA-2009:1646

GNU Libtool is a set of shell scripts which automatically configure UNIX,
Linux, and similar operating systems to generically build shared libraries.

A flaw was found in the way GNU Libtool’s libltdl library looked for
modules to load. It was possible for libltdl to load and run modules from
an arbitrary library in the current working directory. If a local attacker
could trick a local user into running an application (which uses libltdl)
from an attacker-controlled directory containing a malicious Libtool
control file (.la), the attacker could possibly execute arbitrary code with
the privileges of the user running the application. (CVE-2009-3736)

All libtool users should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the updated
packages, applications using the libltdl library must be restarted for the
update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-December/078516.html
https://lists.centos.org/pipermail/centos-announce/2009-December/078517.html
https://lists.centos.org/pipermail/centos-announce/2009-December/078520.html
https://lists.centos.org/pipermail/centos-announce/2009-December/078521.html
https://lists.centos.org/pipermail/centos-announce/2009-December/078544.html
https://lists.centos.org/pipermail/centos-announce/2009-December/078545.html

Affected packages:
libtool
libtool-libs
libtool-ltdl
libtool-ltdl-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1646

Related

nessus 51
openvas 94
debiancve 1
ubuntucve 1
osv 1
fedora 23
cvelist 1
redhat 3
veracode 1
cve 1
debian 1
freebsd 1
prion 1
seebug 1
nvd 1
centos 1
oraclelinux 2
gentoo 2
vmware 2
nessus
nessus
Fedora 14 : q-7.11-8.fc14 (2011-1967)
2011-03-04 00:00:00
Fedora 11 : esorex-3.7.2-3.fc11 (2010-3314)
2010-07-01 00:00:00
Fedora 12 : esorex-3.7.2-5.fc12 (2010-3216)
2010-07-01 00:00:00
openvas
openvas
Fedora Update for gnu-smalltalk FEDORA-2010-4339
2010-03-22 00:00:00
Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin)
2010-03-02 00:00:00
CentOS Update for cpp CESA-2010:0039 centos4 x86_64
2010-01-19 00:00:00
debiancve
debiancve
CVE-2009-3736
2009-11-29 13:07:52
ubuntucve
ubuntucve
CVE-2009-3736
2009-11-29 00:00:00
osv
osv
libtool - privilege escalation
2009-12-29 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: hamlib-1.2.10-2.fc12
2010-04-03 04:47:10
[SECURITY] Fedora 12 Update: libprelude-0.9.24.1-2.fc12
2010-05-26 21:44:12
[SECURITY] Fedora 12 Update: esorex-3.7.2-5.fc12
2010-03-20 03:29:17
cvelist
cvelist
CVE-2009-3736
2009-11-27 20:00:00
redhat
redhat
(RHSA-2010:0039) Moderate: gcc and gcc4 security update
2010-01-13 00:00:00
(RHSA-2009:1646) Moderate: libtool security update
2009-12-08 00:00:00
(RHSA-2010:0095) Important: rhev-hypervisor security and bug fix update
2010-02-09 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:41:57
cve
cve
CVE-2009-3736
2009-11-29 13:07:52
debian
debian
[SECURITY] [DSA 1958-1] New libtool packages fix privilege escalation
2009-12-29 17:27:07
freebsd
freebsd
libtool -- Library Search Path Privilege Escalation Issue
2009-11-25 00:00:00
prion
prion
Code injection
2009-11-29 13:07:00
seebug
seebug
GNU Libtool libltdlεΊ“ζœη΄’θ·―εΎ„ζœ¬εœ°ζƒι™ζε‡ζΌζ΄ž
2009-12-02 00:00:00
nvd
nvd
CVE-2009-3736
2009-11-29 13:07:52
centos
centos
cpp, gcc, gcc4, libf2c, libgcc, libgcj, libgcj4, libgfortran, libgnat, libgomp, libmudflap, libobjc, libstdc++ security update
2010-01-14 12:58:41
oraclelinux
oraclelinux
libtool security update
2009-12-08 00:00:00
gcc and gcc4 security update
2010-01-13 00:00:00
gentoo
gentoo
GraphicsMagick: Multiple vulnerabilities
2013-11-19 00:00:00
Multiple packages, Multiple vulnerabilities fixed in 2010
2014-12-11 00:00:00
vmware
vmware
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00
ESXi utilities and ESX Service Console third party updates
2010-05-27 00:00:00

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

10.1%

JSON
Related for CESA-2009:1646
nessus51openvas94debiancve1ubuntucve1osv1fedora23cvelist1redhat3veracode1cve1debian1freebsd1prion1seebug1nvd1centos1oraclelinux2gentoo2vmware2