Lucene search

[email protected]NVD:CVE-2009-3736

HistoryNov 29, 2009 - 1:07 p.m.

CVE-2009-3736

2009-11-2913:07:52

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

Percentile

10.1%

JSON

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

Affected configurations

Nvd

Node

gnulibtoolMatch1.5

gnulibtoolMatch1.5.2

gnulibtoolMatch1.5.4

gnulibtoolMatch1.5.6

gnulibtoolMatch1.5.8

gnulibtoolMatch1.5.10

gnulibtoolMatch1.5.12

gnulibtoolMatch1.5.14

gnulibtoolMatch1.5.16

gnulibtoolMatch1.5.18

gnulibtoolMatch1.5.20

gnulibtoolMatch1.5.22

gnulibtoolMatch1.5.24

gnulibtoolMatch1.5.26

gnulibtoolMatch2.2.6a

References

ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz

git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec

hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html

lists.gnu.org/archive/html/libtool/2009-11/msg00059.html

lists.gnu.org/archive/html/libtool/2009-11/msg00065.html

lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

secunia.com/advisories/37414

secunia.com/advisories/37489

secunia.com/advisories/37997

secunia.com/advisories/38190

secunia.com/advisories/38577

secunia.com/advisories/38617

secunia.com/advisories/38696

secunia.com/advisories/38915

secunia.com/advisories/39299

secunia.com/advisories/39347

secunia.com/advisories/43617

secunia.com/advisories/55721

security.gentoo.org/glsa/glsa-201311-10.xml

support.avaya.com/css/P8/documents/100074869

www.mandriva.com/security/advisories?name=MDVSA-2009:307

www.mandriva.com/security/advisories?name=MDVSA-2010:035

www.mandriva.com/security/advisories?name=MDVSA-2010:091

www.mandriva.com/security/advisories?name=MDVSA-2010:105

www.redhat.com/support/errata/RHSA-2010-0039.html

www.securityfocus.com/bid/37128

www.vupen.com/english/advisories/2011/0574

bugzilla.redhat.com/show_bug.cgi?id=537941

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951

rhn.redhat.com/errata/RHSA-2010-0095.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

Percentile

10.1%

JSON

Related for NVD:CVE-2009-3736

openvas94 nessus51 prion1 fedora23 debian1 freebsd1 cve1 centos2 redhat3 oraclelinux2 seebug1 ubuntucve1 veracode1 osv1 cvelist1 debiancve1 gentoo2 vmware2