Launchpad.net

CVE 2009-3736

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

Related bugs and status

CVE-2009-3736 (Candidate) is related to these bugs:

Bug #597240: Sync xmlsec1 1.2.14-1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	597240	Sync xmlsec1 1.2.14-1 (universe) from Debian unstable (main)		xmlsec1 (Ubuntu)	Wishlist	Fix Released

Bug #631190: [FFE] Sync hamlib 1.2.12-1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	631190	[FFE] Sync hamlib 1.2.12-1 (universe) from Debian unstable (main)		hamlib (Ubuntu)	Wishlist	Fix Released

Bug #1163136: graphviz ftbfs in raring

Summary				In	Importance	Status
	1163136	graphviz ftbfs in raring		graphviz (Ubuntu)	High	Fix Released
	1163136	graphviz ftbfs in raring		graphviz (Ubuntu Raring)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [libtool] 20091116 Bac...
MLIST: [libtool] 20091116 GNU...
CONFIRM: ftp://ftp.gnu.org/gnu/...
CONFIRM: https://bugzilla.redha...
BID: 37128
SECUNIA: 37414
SECUNIA: 37489
MANDRIVA: MDVSA-2009:307
REDHAT: RHSA-2010:0095
MANDRIVA: MDVSA-2010:035
FEDORA: FEDORA-2010-1872
FEDORA: FEDORA-2010-1924
SECUNIA: 38577
SECUNIA: 38617
CONFIRM: http://support.avaya.c...
REDHAT: RHSA-2010:0039
SECUNIA: 38696
SUSE: SUSE-SR:2010:006
SECUNIA: 38915
SECUNIA: 38190
SECUNIA: 39299
SECUNIA: 39347
MANDRIVA: MDVSA-2010:091
MANDRIVA: MDVSA-2010:105
FEDORA: FEDORA-2009-12813
SECUNIA: 37997
FEDORA: FEDORA-2011-1958
FEDORA: FEDORA-2011-1967
FEDORA: FEDORA-2011-1990
SECUNIA: 43617
VUPEN: ADV-2011-0574
GENTOO: GLSA-201311-10
SECUNIA: 55721
CONFIRM: http://git.savannah.gn...
CONFIRM: http://hamlib.svn.sour...
CONFIRM: http://kb.juniper.net/...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...