Lucene search

PRIOn knowledge basePRION:CVE-2009-3736

HistoryNov 29, 2009 - 1:07 p.m.

Code injection

2009-11-2913:07:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.3%

JSON

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

CPENameOperatorVersion
libtooleq1.5.2
libtooleq1.5.24
libtooleq1.5
libtooleq1.5.8
libtooleq1.5.22
libtooleq1.5.6
libtooleq1.5.26
libtooleq1.5.18
libtooleq1.5.12
libtooleq2.2.697

Name	Operator	Version
libtool	eq	1.5.2
libtool	eq	1.5.24
libtool	eq	1.5
libtool	eq	1.5.8
libtool	eq	1.5.22
libtool	eq	1.5.6
libtool	eq	1.5.26
libtool	eq	1.5.18
libtool	eq	1.5.12
libtool	eq	2.2.697

Rows per page:

1-10 of 151

References

ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz

git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec

hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup

kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

lists.gnu.org/archive/html/libtool/2009-11/msg00059.html

lists.gnu.org/archive/html/libtool/2009-11/msg00065.html

lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html

secunia.com/advisories/37414

secunia.com/advisories/37489

secunia.com/advisories/37997

secunia.com/advisories/38190

secunia.com/advisories/38577

secunia.com/advisories/38617

secunia.com/advisories/38696

secunia.com/advisories/38915

secunia.com/advisories/39299

secunia.com/advisories/39347

secunia.com/advisories/43617

secunia.com/advisories/55721

security.gentoo.org/glsa/glsa-201311-10.xml

support.avaya.com/css/P8/documents/100074869

www.mandriva.com/security/advisories?name=MDVSA-2009:307

www.mandriva.com/security/advisories?name=MDVSA-2010:035

www.mandriva.com/security/advisories?name=MDVSA-2010:091

www.mandriva.com/security/advisories?name=MDVSA-2010:105

www.redhat.com/support/errata/RHSA-2010-0039.html

www.securityfocus.com/bid/37128

www.vupen.com/english/advisories/2011/0574

bugzilla.redhat.com/show_bug.cgi?id=537941

lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html

lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html

lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951

rhn.redhat.com/errata/RHSA-2010-0095.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html

6.2 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

8.3%

JSON

Related for PRION:CVE-2009-3736