6.9

CVE-2009-3736

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuLibtool Version1.5
GnuLibtool Version1.5.2
GnuLibtool Version1.5.4
GnuLibtool Version1.5.6
GnuLibtool Version1.5.8
GnuLibtool Version1.5.10
GnuLibtool Version1.5.12
GnuLibtool Version1.5.14
GnuLibtool Version1.5.16
GnuLibtool Version1.5.18
GnuLibtool Version1.5.20
GnuLibtool Version1.5.22
GnuLibtool Version1.5.24
GnuLibtool Version1.5.26
GnuLibtool Version2.2.6a
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.39% 0.311
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://secunia.com/advisories/55721
http://security.gentoo.org/glsa/glsa-201311-10.xml
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
http://secunia.com/advisories/38915
http://www.mandriva.com/security/advisories?name=MDVSA-2010:035
http://www.mandriva.com/security/advisories?name=MDVSA-2010:091
http://www.mandriva.com/security/advisories?name=MDVSA-2010:105
ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz
Patch
http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec
Patch
http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html
http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html
Patch
http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html
Patch
http://secunia.com/advisories/37414
Vendor Advisory
http://secunia.com/advisories/37489
Vendor Advisory
http://secunia.com/advisories/37997
http://secunia.com/advisories/38190
http://secunia.com/advisories/38577
http://secunia.com/advisories/38617
http://secunia.com/advisories/38696
http://secunia.com/advisories/39299
http://secunia.com/advisories/39347
http://secunia.com/advisories/43617
http://support.avaya.com/css/P8/documents/100074869
http://www.mandriva.com/security/advisories?name=MDVSA-2009:307
http://www.redhat.com/support/errata/RHSA-2010-0039.html
http://www.securityfocus.com/bid/37128
Patch
http://www.vupen.com/english/advisories/2011/0574
https://bugzilla.redhat.com/show_bug.cgi?id=537941
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html