CVE-2009-3736

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

Affected Software

Name	Vendor	Start Version	End Version
Libtool	Gnu	1.5 (including)	1.5 (including)
Libtool	Gnu	1.5.2 (including)	1.5.2 (including)
Libtool	Gnu	1.5.4 (including)	1.5.4 (including)
Libtool	Gnu	1.5.6 (including)	1.5.6 (including)
Libtool	Gnu	1.5.8 (including)	1.5.8 (including)
Libtool	Gnu	1.5.10 (including)	1.5.10 (including)
Libtool	Gnu	1.5.12 (including)	1.5.12 (including)
Libtool	Gnu	1.5.14 (including)	1.5.14 (including)
Libtool	Gnu	1.5.16 (including)	1.5.16 (including)
Libtool	Gnu	1.5.18 (including)	1.5.18 (including)
Libtool	Gnu	1.5.20 (including)	1.5.20 (including)
Libtool	Gnu	1.5.22 (including)	1.5.22 (including)
Libtool	Gnu	1.5.24 (including)	1.5.24 (including)
Libtool	Gnu	1.5.26 (including)	1.5.26 (including)
Libtool	Gnu	2.2.6a (including)	2.2.6a (including)
Red Hat Enterprise Linux 3	RedHat	libtool-0:1.4.3-7	*
Red Hat Enterprise Linux 3	RedHat	gcc-0:3.2.3-60	*
Red Hat Enterprise Linux 4	RedHat	libtool-0:1.5.6-5.el4_8	*
Red Hat Enterprise Linux 4	RedHat	gcc-0:3.4.6-11.el4_8.1	*
Red Hat Enterprise Linux 4	RedHat	gcc4-0:4.1.2-44.EL4_8.1	*
Red Hat Enterprise Linux 5	RedHat	libtool-0:1.5.22-7.el5_4	*
Red Hat Enterprise Linux 5	RedHat	gcc-0:4.1.2-46.el5_4.2	*
Libtool	Ubuntu	dapper	*
Libtool	Ubuntu	hardy	*
Libtool	Ubuntu	intrepid	*
Libtool	Ubuntu	jaunty	*
Libtool	Ubuntu	karmic	*
Libtool	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-3736
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References