ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libtool | Gnu | 1.5 (including) | 1.5 (including) |
| Libtool | Gnu | 1.5.2 (including) | 1.5.2 (including) |
| Libtool | Gnu | 1.5.4 (including) | 1.5.4 (including) |
| Libtool | Gnu | 1.5.6 (including) | 1.5.6 (including) |
| Libtool | Gnu | 1.5.8 (including) | 1.5.8 (including) |
| Libtool | Gnu | 1.5.10 (including) | 1.5.10 (including) |
| Libtool | Gnu | 1.5.12 (including) | 1.5.12 (including) |
| Libtool | Gnu | 1.5.14 (including) | 1.5.14 (including) |
| Libtool | Gnu | 1.5.16 (including) | 1.5.16 (including) |
| Libtool | Gnu | 1.5.18 (including) | 1.5.18 (including) |
| Libtool | Gnu | 1.5.20 (including) | 1.5.20 (including) |
| Libtool | Gnu | 1.5.22 (including) | 1.5.22 (including) |
| Libtool | Gnu | 1.5.24 (including) | 1.5.24 (including) |
| Libtool | Gnu | 1.5.26 (including) | 1.5.26 (including) |
| Libtool | Gnu | 2.2.6a (including) | 2.2.6a (including) |
| Red Hat Enterprise Linux 3 | RedHat | libtool-0:1.4.3-7 | * |
| Red Hat Enterprise Linux 3 | RedHat | gcc-0:3.2.3-60 | * |
| Red Hat Enterprise Linux 4 | RedHat | libtool-0:1.5.6-5.el4_8 | * |
| Red Hat Enterprise Linux 4 | RedHat | gcc-0:3.4.6-11.el4_8.1 | * |
| Red Hat Enterprise Linux 4 | RedHat | gcc4-0:4.1.2-44.EL4_8.1 | * |
| Red Hat Enterprise Linux 5 | RedHat | libtool-0:1.5.22-7.el5_4 | * |
| Red Hat Enterprise Linux 5 | RedHat | gcc-0:4.1.2-46.el5_4.2 | * |
| Libtool | Ubuntu | dapper | * |
| Libtool | Ubuntu | hardy | * |
| Libtool | Ubuntu | intrepid | * |
| Libtool | Ubuntu | jaunty | * |
| Libtool | Ubuntu | karmic | * |
| Libtool | Ubuntu | upstream | * |