Symlink Vulnerability in GNU libtool <1.5.2

2004-02-03T00:00:00
ID SECURITYVULNS:DOC:5697
Type securityvulns
Reporter Securityvulns
Modified 2004-02-03T00:00:00

Description

Vulnerable: libtool <1.5.2 Not Vulnerable: libtool 1.5.2 Project website: http://www.gnu.org/software/libtool/libtool.html

Description of libtool (from website): "GNU libtool is a generic library support script. Libtool hides the complexity of using shared libraries behind a consistent, portable interface." Libtool is included with many packages that rely on it to handle libraries. As a result these packages are vulnerable as well.

Discussion: I found a symlink vulnerability in libtool prior to version 1.5.2. Libtool insecurely creates a temporary directory when a package using libtool is being compiled.

I want to point out that this bug is only exploitable at compile time. The binaries that are produced during compilation are not affected. As a result, systems that rely exclusively on binary packages are not affected at all.

Solution: Updating to libtool 1.5.2 (the current stable release) will eliminate the vulnerability. If you want to stick with your old version of libtool you can easily fix this bug yourself. In "ltmain.in" (or file "libtool", whichever applies for you) you should replace the line:

if $mkdir -p "$tmpdir" && chmod 700 "$tmpdir"; then :

with

if $mkdir "$tmpdir" && chmod 700 "$tmpdir"; then :

Packages sometimes bring their own version of libtool. As a result, fixing the libtool that is installed on your system may not be enough. To solve this problem, package maintainers should fix their packages if they use libtool!

Regards Stefan Nordhausen

-- Don't open your eyes, you won't like what you see. The blind have been blessed with security. Don't open your eyes, take it from me. I have found, you can find happiness in slavery. Trent Reznor