ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libtool | Gnu | 1.5 (including) | 1.5 (including) |
| Libtool | Gnu | 1.5.2 (including) | 1.5.2 (including) |
| Libtool | Gnu | 1.5.4 (including) | 1.5.4 (including) |
| Libtool | Gnu | 1.5.6 (including) | 1.5.6 (including) |
| Libtool | Gnu | 1.5.8 (including) | 1.5.8 (including) |
| Libtool | Gnu | 1.5.10 (including) | 1.5.10 (including) |
| Libtool | Gnu | 1.5.12 (including) | 1.5.12 (including) |
| Libtool | Gnu | 1.5.14 (including) | 1.5.14 (including) |
| Libtool | Gnu | 1.5.16 (including) | 1.5.16 (including) |
| Libtool | Gnu | 1.5.18 (including) | 1.5.18 (including) |
| Libtool | Gnu | 1.5.20 (including) | 1.5.20 (including) |
| Libtool | Gnu | 1.5.22 (including) | 1.5.22 (including) |
| Libtool | Gnu | 1.5.24 (including) | 1.5.24 (including) |
| Libtool | Gnu | 1.5.26 (including) | 1.5.26 (including) |
| Libtool | Gnu | 2.2.6a (including) | 2.2.6a (including) |