6.9 - CVE-2009-3736

Executive Summary

Informations
Name	CVE-2009-3736	First vendor Publication	2009-11-29
Vendor	Cve	Last vendor Modification	2017-09-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	6.9	Attack Range	Local
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11687

Oval ID:	oval:org.mitre.oval:def:11687
Title:	ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Description:	ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3736	Version:	6
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section gcc-ppc32 is earlier than 0:3.2.3-60 AND gcc-java is earlier than 0:3.2.3-60 AND gcc-g77 is earlier than 0:3.2.3-60 AND libgcj is earlier than 0:3.2.3-60 AND gcc-c++ is earlier than 0:3.2.3-60 AND libobjc is earlier than 0:3.2.3-60 AND libstdc++ is earlier than 0:3.2.3-60 AND libf2c is earlier than 0:3.2.3-60 AND gcc-c++-ppc32 is earlier than 0:3.2.3-60 AND gcc-objc is earlier than 0:3.2.3-60 AND libgnat is earlier than 0:3.2.3-60 AND libtool-libs is earlier than 0:1.4.3-7 AND libstdc++-devel is earlier than 0:3.2.3-60 AND gcc-gnat is earlier than 0:3.2.3-60 AND cpp is earlier than 0:3.2.3-60 AND libgcj-devel is earlier than 0:3.2.3-60 AND gcc is earlier than 0:3.2.3-60 AND libgcc is earlier than 0:3.2.3-60 AND libtool is earlier than 0:1.4.3-7 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section gcc-ppc32 is earlier than 0:3.4.6-11.el4_8.1 AND gcc4-gfortran is earlier than 0:4.1.2-44.EL4_8.1 AND gcc-java is earlier than 0:3.4.6-11.el4_8.1 AND gcc-g77 is earlier than 0:3.4.6-11.el4_8.1 AND libgcj is earlier than 0:3.4.6-11.el4_8.1 AND gcc-c++ is earlier than 0:3.4.6-11.el4_8.1 AND libobjc is earlier than 0:3.4.6-11.el4_8.1 AND libgomp is earlier than 0:4.1.2-44.EL4_8.1 AND libstdc++ is earlier than 0:3.4.6-11.el4_8.1 AND libgcj4-src is earlier than 0:4.1.2-44.EL4_8.1 AND libmudflap-devel is earlier than 0:4.1.2-44.EL4_8.1 AND libf2c is earlier than 0:3.4.6-11.el4_8.1 AND gcc-c++-ppc32 is earlier than 0:3.4.6-11.el4_8.1 AND gcc-objc is earlier than 0:3.4.6-11.el4_8.1 AND gcc4-c++ is earlier than 0:4.1.2-44.EL4_8.1 AND libgnat is earlier than 0:3.4.6-11.el4_8.1 AND gcc4 is earlier than 0:4.1.2-44.EL4_8.1 AND libtool-libs is earlier than 0:1.5.6-5.el4_8 AND libgfortran is earlier than 0:4.1.2-44.EL4_8.1 AND gcc4-java is earlier than 0:4.1.2-44.EL4_8.1 AND libmudflap is earlier than 0:4.1.2-44.EL4_8.1 AND libstdc++-devel is earlier than 0:3.4.6-11.el4_8.1 AND libgcj4-devel is earlier than 0:4.1.2-44.EL4_8.1 AND libgcj-devel is earlier than 0:3.4.6-11.el4_8.1 AND gcc-gnat is earlier than 0:3.4.6-11.el4_8.1 AND cpp is earlier than 0:3.4.6-11.el4_8.1 AND gcc is earlier than 0:3.4.6-11.el4_8.1 AND libgcc is earlier than 0:3.4.6-11.el4_8.1 AND libtool is earlier than 0:1.5.6-5.el4_8 AND libgcj4 is earlier than 0:4.1.2-44.EL4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section libtool-ltdl-devel is earlier than 0:1.5.22-7.el5_4 AND gcc-gfortran is earlier than 0:4.1.2-46.el5_4.2 AND gcc-java is earlier than 0:4.1.2-46.el5_4.2 AND libgcj is earlier than 0:4.1.2-46.el5_4.2 AND gcc-c++ is earlier than 0:4.1.2-46.el5_4.2 AND libobjc is earlier than 0:4.1.2-46.el5_4.2 AND libstdc++ is earlier than 0:4.1.2-46.el5_4.2 AND libmudflap-devel is earlier than 0:4.1.2-46.el5_4.2 AND gcc-objc is earlier than 0:4.1.2-46.el5_4.2 AND libgnat is earlier than 0:4.1.2-46.el5_4.2 AND libgcj-src is earlier than 0:4.1.2-46.el5_4.2 AND libgfortran is earlier than 0:4.1.2-46.el5_4.2 AND libtool-ltdl is earlier than 0:1.5.22-7.el5_4 AND libmudflap is earlier than 0:4.1.2-46.el5_4.2 AND libstdc++-devel is earlier than 0:4.1.2-46.el5_4.2 AND gcc-objc++ is earlier than 0:4.1.2-46.el5_4.2 AND gcc-gnat is earlier than 0:4.1.2-46.el5_4.2 AND cpp is earlier than 0:4.1.2-46.el5_4.2 AND libgcj-devel is earlier than 0:4.1.2-46.el5_4.2 AND gcc is earlier than 0:4.1.2-46.el5_4.2 AND libgcc is earlier than 0:4.1.2-46.el5_4.2 AND libtool is earlier than 0:1.5.22-7.el5_4

Definition Id: oval:org.mitre.oval:def:12656

Oval ID:	oval:org.mitre.oval:def:12656
Title:	DSA-1958-1 libtool -- privilege escalation
Description:	It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. For the stable distribution, this problem has been fixed in version 1.5.26-4+lenny1. For the oldstable distribution, this problem has been fixed in version 1.5.22-4+etch1. For the testing distribution and unstable distribution, this problem has been fixed in 2.2.6b-1. We recommend that you upgrade your libtool packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1958-1 CVE-2009-3736	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	libtool
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND libtool-doc DPKG is earlier than 1.5.26-4+lenny1 OR Architecture depended section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libltdl3 DPKG is earlier than 1.5.26-4+lenny1 AND libltdl3-dev DPKG is earlier than 1.5.26-4+lenny1 AND libtool DPKG is earlier than 1.5.26-4+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND libtool-doc DPKG is earlier than 1.5.22-4+etch1 AND libltdl3 DPKG is earlier than 1.5.22-4+etch1 AND libltdl3-dev DPKG is earlier than 1.5.22-4+etch1 AND libtool DPKG is earlier than 1.5.22-4+etch1

Definition Id: oval:org.mitre.oval:def:21943

Oval ID:	oval:org.mitre.oval:def:21943
Title:	RHSA-2010:0039: gcc and gcc4 security update (Moderate)
Description:	ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0039-01 CESA-2010:0039 CVE-2009-3736	Version:	4
Platform(s):	Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 CentOS Linux 5	Product(s):	gcc gcc4
Definition Synopsis:
Redhat 5 or Centos 5 release The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages section gcc-objc++ is earlier than 0:4.1.2-46.el5_4.2 AND libgfortran is earlier than 0:4.1.2-46.el5_4.2 AND libgcj-src is earlier than 0:4.1.2-46.el5_4.2 AND libmudflap is earlier than 0:4.1.2-46.el5_4.2 AND gcc-gfortran is earlier than 0:4.1.2-46.el5_4.2 AND libgcj-devel is earlier than 0:4.1.2-46.el5_4.2 AND libgcc is earlier than 0:4.1.2-46.el5_4.2 AND cpp is earlier than 0:4.1.2-46.el5_4.2 AND gcc-gnat is earlier than 0:4.1.2-46.el5_4.2 AND libstdc++ is earlier than 0:4.1.2-46.el5_4.2 AND libmudflap-devel is earlier than 0:4.1.2-46.el5_4.2 AND gcc-objc is earlier than 0:4.1.2-46.el5_4.2 AND gcc-c++ is earlier than 0:4.1.2-46.el5_4.2 AND gcc is earlier than 0:4.1.2-46.el5_4.2 AND gcc-java is earlier than 0:4.1.2-46.el5_4.2 AND libgnat is earlier than 0:4.1.2-46.el5_4.2 AND libgcj is earlier than 0:4.1.2-46.el5_4.2 AND libstdc++-devel is earlier than 0:4.1.2-46.el5_4.2 AND libobjc is earlier than 0:4.1.2-46.el5_4.2

Definition Id: oval:org.mitre.oval:def:23008

Oval ID:	oval:org.mitre.oval:def:23008
Title:	ELSA-2009:1646: libtool security update (Moderate)
Description:	ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family:	unix	Class:	patch
Reference(s):	ELSA-2009:1646-01 CVE-2009-3736	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	libtool
Definition Synopsis:
Oracle Linux 5.x rpm test libtool is earlier than 0:1.5.22-7.el5_4 AND libtool-ltdl is earlier than 0:1.5.22-7.el5_4 AND libtool-ltdl-devel is earlier than 0:1.5.22-7.el5_4

Definition Id: oval:org.mitre.oval:def:23036

Oval ID:	oval:org.mitre.oval:def:23036
Title:	ELSA-2010:0039: gcc and gcc4 security update (Moderate)
Description:	ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0039-01 CVE-2009-3736	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	gcc gcc4
Definition Synopsis:
Oracle Linux 5.x rpm test gcc-objc++ is earlier than 0:4.1.2-46.el5_4.2 AND libgfortran is earlier than 0:4.1.2-46.el5_4.2 AND libgcj-src is earlier than 0:4.1.2-46.el5_4.2 AND libmudflap is earlier than 0:4.1.2-46.el5_4.2 AND gcc-gfortran is earlier than 0:4.1.2-46.el5_4.2 AND libgcj-devel is earlier than 0:4.1.2-46.el5_4.2 AND libgcc is earlier than 0:4.1.2-46.el5_4.2 AND cpp is earlier than 0:4.1.2-46.el5_4.2 AND gcc-gnat is earlier than 0:4.1.2-46.el5_4.2 AND libstdc++ is earlier than 0:4.1.2-46.el5_4.2 AND libmudflap-devel is earlier than 0:4.1.2-46.el5_4.2 AND gcc-objc is earlier than 0:4.1.2-46.el5_4.2 AND gcc-c++ is earlier than 0:4.1.2-46.el5_4.2 AND gcc is earlier than 0:4.1.2-46.el5_4.2 AND gcc-java is earlier than 0:4.1.2-46.el5_4.2 AND libgnat is earlier than 0:4.1.2-46.el5_4.2 AND libgcj is earlier than 0:4.1.2-46.el5_4.2 AND libstdc++-devel is earlier than 0:4.1.2-46.el5_4.2 AND libobjc is earlier than 0:4.1.2-46.el5_4.2

Definition Id: oval:org.mitre.oval:def:29283

Oval ID:	oval:org.mitre.oval:def:29283
Title:	RHSA-2009:1646 -- libtool security update (Moderate)
Description:	Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family:	unix	Class:	patch
Reference(s):	RHSA-2009:1646 CESA-2009:1646-CentOS 3 CESA-2009:1646-CentOS 5 CVE-2009-3736	Version:	3
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5	Product(s):	libtool
Definition Synopsis:
Red Hat Enterprise Linux 5 and CentOS Linux 5 release section Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 AND The operating system installed on the system is CentOS Linux 5.x Packages match section libtool is earlier than 0:1.5.22-7.el5_4 AND libtool-ltdl-devel is earlier than 0:1.5.22-7.el5_4 AND libtool-ltdl is earlier than 0:1.5.22-7.el5_4 AND Red Hat Enterprise Linux 3 release section The operating system installed on the system is Red Hat Enterprise Linux 3 Packages match section libtool is earlier than 0:1.4.3-7 AND libtool-libs is earlier than 0:1.4.3-7 AND Red Hat Enterprise Linux 4 release section The operating system installed on the system is Red Hat Enterprise Linux 4 Packages match section libtool is earlier than 0:1.5.6-5.el4_8 AND libtool-libs is earlier than 0:1.5.6-5.el4_8

Definition Id: oval:org.mitre.oval:def:6951

Oval ID:	oval:org.mitre.oval:def:6951
Title:	GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
Description:	ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-3736	Version:	6
Platform(s):	VMWare ESX Server 4.0	Product(s):
Definition Synopsis:
VMware ESX Server 4.0 is installed AND Patch ESX400-201005407-SG is not installed

Definition Id: oval:org.mitre.oval:def:7481

Oval ID:	oval:org.mitre.oval:def:7481
Title:	DSA-1958 libtool -- privilege escalation
Description:	It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl.
Family:	unix	Class:	patch
Reference(s):	DSA-1958 CVE-2009-3736	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	libtool
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND libtool-doc is earlier than 1.5.26-4+lenny1 OR Architecture dependent section Supported architectures section Installed architecture is s390 AND Installed architecture is amd64 AND Installed architecture is sparc AND Installed architecture is arm AND Installed architecture is i386 AND Installed architecture is armel AND Installed architecture is mips AND Installed architecture is ia64 AND Installed architecture is alpha AND Installed architecture is powerpc AND Installed architecture is mipsel AND Installed architecture is hppa AND Packages section libltdl3 is earlier than 1.5.26-4+lenny1 AND libltdl3-dev is earlier than 1.5.26-4+lenny1 AND libtool is earlier than 1.5.26-4+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND libtool-doc is earlier than 1.5.22-4+etch1 AND libltdl3 is earlier than 1.5.22-4+etch1 AND libltdl3-dev is earlier than 1.5.22-4+etch1 AND libtool is earlier than 1.5.22-4+etch1

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gnu Libtool cpe:2.3:a:gnu:libtool:2.2.6a:::::::* cpe:2.3:a:gnu:libtool:1.5.8:::::::* cpe:2.3:a:gnu:libtool:1.5.6:::::::* cpe:2.3:a:gnu:libtool:1.5.4:::::::* cpe:2.3:a:gnu:libtool:1.5.26:::::::* cpe:2.3:a:gnu:libtool:1.5.24:::::::* cpe:2.3:a:gnu:libtool:1.5.22:::::::* cpe:2.3:a:gnu:libtool:1.5.20:::::::* cpe:2.3:a:gnu:libtool:1.5.2:::::::* cpe:2.3:a:gnu:libtool:1.5.18:::::::* cpe:2.3:a:gnu:libtool:1.5.16:::::::* cpe:2.3:a:gnu:libtool:1.5.14:::::::* cpe:2.3:a:gnu:libtool:1.5.12:::::::* cpe:2.3:a:gnu:libtool:1.5.10:::::::* cpe:2.3:a:gnu:libtool:1.5:::::::*	15

OpenVAS Exploits

Date	Description
2012-04-16	Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl
2011-08-09	Name : CentOS Update for libtool CESA-2009:1646 centos3 i386 File : nvt/gb_CESA-2009_1646_libtool_centos3_i386.nasl
2011-08-09	Name : CentOS Update for libtool CESA-2009:1646 centos4 i386 File : nvt/gb_CESA-2009_1646_libtool_centos4_i386.nasl
2011-08-09	Name : CentOS Update for libtool CESA-2009:1646 centos5 i386 File : nvt/gb_CESA-2009_1646_libtool_centos5_i386.nasl
2011-08-09	Name : CentOS Update for cpp CESA-2010:0039 centos5 i386 File : nvt/gb_CESA-2010_0039_cpp_centos5_i386.nasl
2011-03-07	Name : Fedora Update for q FEDORA-2011-1967 File : nvt/gb_fedora_2011_1967_q_fc14.nasl
2011-03-07	Name : Fedora Update for q FEDORA-2011-1958 File : nvt/gb_fedora_2011_1958_q_fc13.nasl
2010-07-12	Name : Fedora Update for libtool FEDORA-2010-10640 File : nvt/gb_fedora_2010_10640_libtool_fc12.nasl
2010-07-12	Name : Fedora Update for gcc FEDORA-2010-10640 File : nvt/gb_fedora_2010_10640_gcc_fc12.nasl
2010-05-28	Name : Mandriva Update for openoffice.org MDVSA-2010:105 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_105.nasl
2010-05-28	Name : Fedora Update for libprelude FEDORA-2010-8756 File : nvt/gb_fedora_2010_8756_libprelude_fc12.nasl
2010-05-07	Name : Mandriva Update for openoffice.org MDVSA-2010:091 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_091.nasl
2010-04-16	Name : Mandriva Update for openoffice.org MDVSA-2010:075 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_075.nasl
2010-04-06	Name : Fedora Update for hamlib FEDORA-2010-4407 File : nvt/gb_fedora_2010_4407_hamlib_fc12.nasl
2010-04-06	Name : Fedora Update for hamlib FEDORA-2010-4352 File : nvt/gb_fedora_2010_4352_hamlib_fc11.nasl
2010-03-22	Name : Fedora Update for gnu-smalltalk FEDORA-2010-4339 File : nvt/gb_fedora_2010_4339_gnu-smalltalk_fc12.nasl
2010-03-22	Name : Fedora Update for gnu-smalltalk FEDORA-2010-4392 File : nvt/gb_fedora_2010_4392_gnu-smalltalk_fc11.nasl
2010-03-22	Name : Mandriva Update for lvm2 MDVA-2010:105 (lvm2) File : nvt/gb_mandriva_MDVA_2010_105.nasl
2010-03-22	Name : Fedora Update for esorex FEDORA-2010-3314 File : nvt/gb_fedora_2010_3314_esorex_fc11.nasl
2010-03-22	Name : Fedora Update for esorex FEDORA-2010-3216 File : nvt/gb_fedora_2010_3216_esorex_fc12.nasl
2010-03-12	Name : Mandriva Update for slib MDVA-2010:091 (slib) File : nvt/gb_mandriva_MDVA_2010_091.nasl
2010-03-12	Name : Mandriva Update for openoffice.org MDVSA-2010:056 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_056.nasl
2010-03-02	Name : Fedora Update for gambas FEDORA-2010-1924 File : nvt/gb_fedora_2010_1924_gambas_fc11.nasl
2010-03-02	Name : Fedora Update for mingw32-libltdl FEDORA-2010-2341 File : nvt/gb_fedora_2010_2341_mingw32-libltdl_fc12.nasl
2010-03-02	Name : Fedora Update for mingw32-libltdl FEDORA-2010-2943 File : nvt/gb_fedora_2010_2943_mingw32-libltdl_fc11.nasl
2010-03-02	Name : Fedora Update for gnash FEDORA-2010-1833 File : nvt/gb_fedora_2010_1833_gnash_fc11.nasl
2010-03-02	Name : Fedora Update for gnash FEDORA-2010-1820 File : nvt/gb_fedora_2010_1820_gnash_fc12.nasl
2010-03-02	Name : Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin) File : nvt/gb_mandriva_MDVA_2010_075.nasl
2010-03-02	Name : Fedora Update for gambas FEDORA-2010-1872 File : nvt/gb_fedora_2010_1872_gambas_fc12.nasl
2010-02-15	Name : Mandriva Update for samba MDVA-2010:056 (samba) File : nvt/gb_mandriva_MDVA_2010_056.nasl
2010-02-15	Name : Mandriva Update for openoffice.org MDVSA-2010:035 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_035.nasl
2010-01-19	Name : CentOS Update for cpp CESA-2010:0039 centos4 i386 File : nvt/gb_CESA-2010_0039_cpp_centos4_i386.nasl
2010-01-19	Name : CentOS Update for cpp CESA-2010:0039 centos3 i386 File : nvt/gb_CESA-2010_0039_cpp_centos3_i386.nasl
2010-01-19	Name : CentOS Update for cpp CESA-2010:0039 centos3 x86_64 File : nvt/gb_CESA-2010_0039_cpp_centos3_x86_64.nasl
2010-01-19	Name : CentOS Update for cpp CESA-2010:0039 centos4 x86_64 File : nvt/gb_CESA-2010_0039_cpp_centos4_x86_64.nasl
2010-01-19	Name : RedHat Update for gcc and gcc4 RHSA-2010:0039-01 File : nvt/gb_RHSA-2010_0039-01_gcc_and_gcc4.nasl
2009-12-30	Name : Debian Security Advisory DSA 1958-1 (libtool) File : nvt/deb_1958_1.nasl
2009-12-30	Name : Fedora Core 12 FEDORA-2009-12813 (gcc) File : nvt/fcore_2009_12813.nasl
2009-12-30	Name : Fedora Core 11 FEDORA-2009-12725 (libtool) File : nvt/fcore_2009_12725.nasl
2009-12-30	Name : Fedora Core 12 FEDORA-2009-12562 (libtool) File : nvt/fcore_2009_12562.nasl
2009-12-14	Name : RedHat Security Advisory RHSA-2009:1646 File : nvt/RHSA_2009_1646.nasl
2009-12-14	Name : CentOS Security Advisory CESA-2009:1646 (libtool) File : nvt/ovcesa2009_1646.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:307-1 (libtool) File : nvt/mdksa_2009_307_1.nasl
2009-12-10	Name : Mandriva Security Advisory MDVSA-2009:318 (xmlsec1) File : nvt/mdksa_2009_318.nasl
2009-12-03	Name : FreeBSD Ports: libtool File : nvt/freebsd_libtool0.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
60522	libtool libltdl ltdl.c Library Search Path Subversion Local Privilege Escalation

Nessus® Vulnerability Scanner

Date	Description
2016-03-08	Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO
2014-12-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2013-11-19	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-10.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0039.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1646.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100113_gcc_and_gcc4_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091208_libtool_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2011-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2011-1967.nasl - Type : ACT_GATHER_INFO
2011-03-04	Name : The remote Fedora host is missing a security update. File : fedora_2011-1958.nasl - Type : ACT_GATHER_INFO
2011-03-03	Name : The remote Fedora host is missing a security update. File : fedora_2011-1990.nasl - Type : ACT_GATHER_INFO
2010-10-11	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtool-6683.nasl - Type : ACT_GATHER_INFO
2010-07-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-075.nasl - Type : ACT_GATHER_INFO
2010-07-30	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-035.nasl - Type : ACT_GATHER_INFO
2010-07-07	Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-10640.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-2341.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-1820.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-1833.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-1872.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-8756.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-4407.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-4352.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-4340.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-4339.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-4392.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-4098.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-1924.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-3314.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-3216.nasl - Type : ACT_GATHER_INFO
2010-07-01	Name : The remote Fedora host is missing a security update. File : fedora_2010-2943.nasl - Type : ACT_GATHER_INFO
2010-06-01	Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-05-24	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-105.nasl - Type : ACT_GATHER_INFO
2010-03-08	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-056.nasl - Type : ACT_GATHER_INFO
2010-03-01	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12554.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1958.nasl - Type : ACT_GATHER_INFO
2010-01-15	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO
2010-01-14	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO
2010-01-05	Name : The remote openSUSE host is missing a security update. File : suse_11_0_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO
2010-01-05	Name : The remote openSUSE host is missing a security update. File : suse_11_1_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO
2010-01-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_libltdl-3-091202.nasl - Type : ACT_GATHER_INFO
2010-01-05	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libltdl7-091201.nasl - Type : ACT_GATHER_INFO
2010-01-05	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtool-6678.nasl - Type : ACT_GATHER_INFO
2009-12-30	Name : The remote Fedora host is missing a security update. File : fedora_2009-12562.nasl - Type : ACT_GATHER_INFO
2009-12-30	Name : The remote Fedora host is missing a security update. File : fedora_2009-12813.nasl - Type : ACT_GATHER_INFO
2009-12-22	Name : The remote Fedora host is missing a security update. File : fedora_2009-12725.nasl - Type : ACT_GATHER_INFO
2009-12-09	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO
2009-12-09	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO
2009-12-07	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-318.nasl - Type : ACT_GATHER_INFO
2009-12-01	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-307.nasl - Type : ACT_GATHER_INFO
2009-11-30	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_77c14729dc5e11de92ae02e0184b8d35.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/37128
CONFIRM	ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b4... http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?rev... http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://support.avaya.com/css/P8/documents/100074869 https://bugzilla.redhat.com/show_bug.cgi?id=537941
FEDORA	http://lists.fedoraproject.org/pipermail/package-announce/2010-February/03513... http://lists.fedoraproject.org/pipermail/package-announce/2010-February/03516... http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg0151...
GENTOO	http://security.gentoo.org/glsa/glsa-201311-10.xml
MANDRIVA	http://www.mandriva.com/security/advisories?name=MDVSA-2009:307 http://www.mandriva.com/security/advisories?name=MDVSA-2010:035 http://www.mandriva.com/security/advisories?name=MDVSA-2010:091 http://www.mandriva.com/security/advisories?name=MDVSA-2010:105
MLIST	http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html
OVAL	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT	http://www.redhat.com/support/errata/RHSA-2010-0039.html https://rhn.redhat.com/errata/RHSA-2010-0095.html
SECUNIA	http://secunia.com/advisories/37414 http://secunia.com/advisories/37489 http://secunia.com/advisories/37997 http://secunia.com/advisories/38190 http://secunia.com/advisories/38577 http://secunia.com/advisories/38617 http://secunia.com/advisories/38696 http://secunia.com/advisories/38915 http://secunia.com/advisories/39299 http://secunia.com/advisories/39347 http://secunia.com/advisories/43617 http://secunia.com/advisories/55721
SUSE	http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
VUPEN	http://www.vupen.com/english/advisories/2011/0574

Alert History

If you want to see full details history, please login or register.

Date	Informations
2021-05-04 12:10:22	Multiple Updates
2021-04-22 01:10:49	Multiple Updates
2020-05-23 00:24:29	Multiple Updates
2017-09-19 09:23:27	Multiple Updates
2016-12-08 09:23:23	Multiple Updates
2016-04-26 19:12:56	Multiple Updates
2016-03-09 13:25:54	Multiple Updates
2014-12-16 13:24:31	Multiple Updates
2014-02-17 10:52:06	Multiple Updates
2013-11-25 13:20:26	Multiple Updates
2013-05-10 23:59:51	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	8
CPE ID(s)	15
Sources(s)	38
osvdb(s)	1
Openvas Exploit(s)	45
Nessus® Exploit(s)	49

	Related
10	VMSA-2010-0009
10	GLSA-201412-08
9.3	MDVSA-2010:105
9.3	MDVSA-2010:091
9.3	MDVSA-2010:056
9.3	MDVSA-2010:035
9.3	GLSA-201311-10
6.9	RHSA-2010:0039
6.9	RHSA-2009:1646
6.9	MDVSA-2010:075
6.9	MDVSA-2009:318
6.9	MDVSA-2009:307-1
6.9	MDVSA-2009:307
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 13 more Alert(s)

6.9 - CVE-2009-3736

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU