Executive Summary
Summary | |
---|---|
Title | libtool security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:1646 | First vendor Publication | 2009-12-08 |
Vendor | RedHat | Last vendor Modification | 2009-12-08 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: GNU Libtool is a set of shell scripts which automatically configure UNIX, Linux, and similar operating systems to generically build shared libraries. A flaw was found in the way GNU Libtool's libltdl library looked for modules to load. It was possible for libltdl to load and run modules from an arbitrary library in the current working directory. If a local attacker could trick a local user into running an application (which uses libltdl) from an attacker-controlled directory containing a malicious Libtool control file (.la), the attacker could possibly execute arbitrary code with the privileges of the user running the application. (CVE-2009-3736) All libtool users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications using the libltdl library must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 537941 - CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1646.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12656 | |||
Oval ID: | oval:org.mitre.oval:def:12656 | ||
Title: | DSA-1958-1 libtool -- privilege escalation | ||
Description: | It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. For the stable distribution, this problem has been fixed in version 1.5.26-4+lenny1. For the oldstable distribution, this problem has been fixed in version 1.5.22-4+etch1. For the testing distribution and unstable distribution, this problem has been fixed in 2.2.6b-1. We recommend that you upgrade your libtool packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1958-1 CVE-2009-3736 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libtool |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23008 | |||
Oval ID: | oval:org.mitre.oval:def:23008 | ||
Title: | ELSA-2009:1646: libtool security update (Moderate) | ||
Description: | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1646-01 CVE-2009-3736 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | libtool |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29283 | |||
Oval ID: | oval:org.mitre.oval:def:29283 | ||
Title: | RHSA-2009:1646 -- libtool security update (Moderate) | ||
Description: | Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1646 CESA-2009:1646-CentOS 3 CESA-2009:1646-CentOS 5 CVE-2009-3736 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 3 CentOS Linux 5 | Product(s): | libtool |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6951 | |||
Oval ID: | oval:org.mitre.oval:def:6951 | ||
Title: | GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability | ||
Description: | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3736 | Version: | 6 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7481 | |||
Oval ID: | oval:org.mitre.oval:def:7481 | ||
Title: | DSA-1958 libtool -- privilege escalation | ||
Description: | It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1958 CVE-2009-3736 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | libtool |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2011-08-09 | Name : CentOS Update for libtool CESA-2009:1646 centos3 i386 File : nvt/gb_CESA-2009_1646_libtool_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for libtool CESA-2009:1646 centos4 i386 File : nvt/gb_CESA-2009_1646_libtool_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for libtool CESA-2009:1646 centos5 i386 File : nvt/gb_CESA-2009_1646_libtool_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for cpp CESA-2010:0039 centos5 i386 File : nvt/gb_CESA-2010_0039_cpp_centos5_i386.nasl |
2011-03-07 | Name : Fedora Update for q FEDORA-2011-1967 File : nvt/gb_fedora_2011_1967_q_fc14.nasl |
2011-03-07 | Name : Fedora Update for q FEDORA-2011-1958 File : nvt/gb_fedora_2011_1958_q_fc13.nasl |
2010-07-12 | Name : Fedora Update for libtool FEDORA-2010-10640 File : nvt/gb_fedora_2010_10640_libtool_fc12.nasl |
2010-07-12 | Name : Fedora Update for gcc FEDORA-2010-10640 File : nvt/gb_fedora_2010_10640_gcc_fc12.nasl |
2010-05-28 | Name : Mandriva Update for openoffice.org MDVSA-2010:105 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_105.nasl |
2010-05-28 | Name : Fedora Update for libprelude FEDORA-2010-8756 File : nvt/gb_fedora_2010_8756_libprelude_fc12.nasl |
2010-05-07 | Name : Mandriva Update for openoffice.org MDVSA-2010:091 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_091.nasl |
2010-04-16 | Name : Mandriva Update for openoffice.org MDVSA-2010:075 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_075.nasl |
2010-04-06 | Name : Fedora Update for hamlib FEDORA-2010-4407 File : nvt/gb_fedora_2010_4407_hamlib_fc12.nasl |
2010-04-06 | Name : Fedora Update for hamlib FEDORA-2010-4352 File : nvt/gb_fedora_2010_4352_hamlib_fc11.nasl |
2010-03-22 | Name : Fedora Update for gnu-smalltalk FEDORA-2010-4339 File : nvt/gb_fedora_2010_4339_gnu-smalltalk_fc12.nasl |
2010-03-22 | Name : Fedora Update for gnu-smalltalk FEDORA-2010-4392 File : nvt/gb_fedora_2010_4392_gnu-smalltalk_fc11.nasl |
2010-03-22 | Name : Mandriva Update for lvm2 MDVA-2010:105 (lvm2) File : nvt/gb_mandriva_MDVA_2010_105.nasl |
2010-03-22 | Name : Fedora Update for esorex FEDORA-2010-3314 File : nvt/gb_fedora_2010_3314_esorex_fc11.nasl |
2010-03-22 | Name : Fedora Update for esorex FEDORA-2010-3216 File : nvt/gb_fedora_2010_3216_esorex_fc12.nasl |
2010-03-12 | Name : Mandriva Update for slib MDVA-2010:091 (slib) File : nvt/gb_mandriva_MDVA_2010_091.nasl |
2010-03-12 | Name : Mandriva Update for openoffice.org MDVSA-2010:056 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_056.nasl |
2010-03-02 | Name : Fedora Update for gambas FEDORA-2010-1924 File : nvt/gb_fedora_2010_1924_gambas_fc11.nasl |
2010-03-02 | Name : Fedora Update for mingw32-libltdl FEDORA-2010-2341 File : nvt/gb_fedora_2010_2341_mingw32-libltdl_fc12.nasl |
2010-03-02 | Name : Fedora Update for mingw32-libltdl FEDORA-2010-2943 File : nvt/gb_fedora_2010_2943_mingw32-libltdl_fc11.nasl |
2010-03-02 | Name : Fedora Update for gnash FEDORA-2010-1833 File : nvt/gb_fedora_2010_1833_gnash_fc11.nasl |
2010-03-02 | Name : Fedora Update for gnash FEDORA-2010-1820 File : nvt/gb_fedora_2010_1820_gnash_fc12.nasl |
2010-03-02 | Name : Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin) File : nvt/gb_mandriva_MDVA_2010_075.nasl |
2010-03-02 | Name : Fedora Update for gambas FEDORA-2010-1872 File : nvt/gb_fedora_2010_1872_gambas_fc12.nasl |
2010-02-15 | Name : Mandriva Update for samba MDVA-2010:056 (samba) File : nvt/gb_mandriva_MDVA_2010_056.nasl |
2010-02-15 | Name : Mandriva Update for openoffice.org MDVSA-2010:035 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_035.nasl |
2010-01-19 | Name : CentOS Update for cpp CESA-2010:0039 centos4 i386 File : nvt/gb_CESA-2010_0039_cpp_centos4_i386.nasl |
2010-01-19 | Name : CentOS Update for cpp CESA-2010:0039 centos3 i386 File : nvt/gb_CESA-2010_0039_cpp_centos3_i386.nasl |
2010-01-19 | Name : CentOS Update for cpp CESA-2010:0039 centos3 x86_64 File : nvt/gb_CESA-2010_0039_cpp_centos3_x86_64.nasl |
2010-01-19 | Name : CentOS Update for cpp CESA-2010:0039 centos4 x86_64 File : nvt/gb_CESA-2010_0039_cpp_centos4_x86_64.nasl |
2010-01-19 | Name : RedHat Update for gcc and gcc4 RHSA-2010:0039-01 File : nvt/gb_RHSA-2010_0039-01_gcc_and_gcc4.nasl |
2009-12-30 | Name : Debian Security Advisory DSA 1958-1 (libtool) File : nvt/deb_1958_1.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12813 (gcc) File : nvt/fcore_2009_12813.nasl |
2009-12-30 | Name : Fedora Core 11 FEDORA-2009-12725 (libtool) File : nvt/fcore_2009_12725.nasl |
2009-12-30 | Name : Fedora Core 12 FEDORA-2009-12562 (libtool) File : nvt/fcore_2009_12562.nasl |
2009-12-14 | Name : RedHat Security Advisory RHSA-2009:1646 File : nvt/RHSA_2009_1646.nasl |
2009-12-14 | Name : CentOS Security Advisory CESA-2009:1646 (libtool) File : nvt/ovcesa2009_1646.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:307-1 (libtool) File : nvt/mdksa_2009_307_1.nasl |
2009-12-10 | Name : Mandriva Security Advisory MDVSA-2009:318 (xmlsec1) File : nvt/mdksa_2009_318.nasl |
2009-12-03 | Name : FreeBSD Ports: libtool File : nvt/freebsd_libtool0.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
60522 | libtool libltdl ltdl.c Library Search Path Subversion Local Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
2013-11-19 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201311-10.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0039.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1646.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100113_gcc_and_gcc4_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20091208_libtool_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2011-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1967.nasl - Type : ACT_GATHER_INFO |
2011-03-04 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1958.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote Fedora host is missing a security update. File : fedora_2011-1990.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtool-6683.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-075.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-035.nasl - Type : ACT_GATHER_INFO |
2010-07-07 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-10640.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-2341.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1820.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1833.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1872.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-8756.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4407.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4352.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4340.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4339.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4392.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-4098.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1924.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3314.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3216.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-2943.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
2010-05-24 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-105.nasl - Type : ACT_GATHER_INFO |
2010-03-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-056.nasl - Type : ACT_GATHER_INFO |
2010-03-01 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12554.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1958.nasl - Type : ACT_GATHER_INFO |
2010-01-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO |
2010-01-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libltdl-3-091202.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libltdl7-091201.nasl - Type : ACT_GATHER_INFO |
2010-01-05 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libtool-6678.nasl - Type : ACT_GATHER_INFO |
2009-12-30 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12562.nasl - Type : ACT_GATHER_INFO |
2009-12-30 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12813.nasl - Type : ACT_GATHER_INFO |
2009-12-22 | Name : The remote Fedora host is missing a security update. File : fedora_2009-12725.nasl - Type : ACT_GATHER_INFO |
2009-12-09 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO |
2009-12-09 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO |
2009-12-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-318.nasl - Type : ACT_GATHER_INFO |
2009-12-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-307.nasl - Type : ACT_GATHER_INFO |
2009-11-30 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_77c14729dc5e11de92ae02e0184b8d35.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:05 |
|