CVE-2009-3736

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-3736 at MITRE

Description

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

NVD CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 556122

SUSE Security Advisories:

SUSE-SR:2010:006, published Mon, 15 Mar 2010 11:11:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 10 SP3 for x86 SUSE Linux Enterprise Server 10 SP3	`libtool >= 1.5.22-13.16.1`	sles10-sp3.ia64 sles10-sp3.ppc sles10-sp3.x86 sles10-sp3.x86-64 sles10-sp3.s390x sled10-sp3.x86 sled10-sp3.x86-64 ZYPP Patch Nr: 6683
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T SUSE Linux Enterprise SDK 10 SP3 SUSE Linux Enterprise Server 10 SP3	`libtool >= 1.5.22-13.16.1` `libtool-32bit >= 1.5.22-13.16.1`	sles10-sp3.ia64 sles10-sp3.ppc sles10-sp3.x86 sles10-sp3.x86-64 sles10-sp3.s390x sled10-sp3.x86 sled10-sp3.x86-64 ZYPP Patch Nr: 6683
SUSE Linux Enterprise Server 10 SP3	`libtool >= 1.5.22-13.16.1` `libtool-x86 >= 1.5.22-13.16.1`	sles10-sp3.ia64 sles10-sp3.ppc sles10-sp3.x86 sles10-sp3.x86-64 sles10-sp3.s390x sled10-sp3.x86 sled10-sp3.x86-64 ZYPP Patch Nr: 6683
SUSE Linux Enterprise Server 10 SP3	`libtool >= 1.5.22-13.16.1` `libtool-64bit >= 1.5.22-13.16.1`	sles10-sp3.ia64 sles10-sp3.ppc sles10-sp3.x86 sles10-sp3.x86-64 sles10-sp3.s390x sled10-sp3.x86 sled10-sp3.x86-64 ZYPP Patch Nr: 6683
SUSE Linux Enterprise 11 Moblin 2.0	`libtool-debuginfo >= 2.2.6-2.131.1` `libtool-debugsource >= 2.2.6-2.131.1`	SAT Patch Nr: 1624
SUSE Linux Enterprise 11 Moblin 2.0	`libltdl7 >= 2.2.6-2.131.1` `libtool >= 2.2.6-2.131.1`	SAT Patch Nr: 1624
Novell Linux Desktop 9 for x86_64	`libtool >= 1.5.2-56.5` `libtool-32bit >= 9-200912011711`	core9.x86-64 core9.x86 core9.ia64 core9.ppc sles9-nld.x86-64 sles9-nld.x86 core9.s390 core9.s390x sles9-nlpos.x86 sles9-oes.x86 YOU Patch Nr: 12554
Novell Linux Desktop 9 for x86 Open Enterprise Server	`libtool >= 1.5.2-56.5`	core9.x86-64 core9.x86 core9.ia64 core9.ppc sles9-nld.x86-64 sles9-nld.x86 core9.s390 core9.s390x sles9-nlpos.x86 sles9-oes.x86 YOU Patch Nr: 12554
SUSE Linux Enterprise 11 GA DEBUGINFO	`libtool-debuginfo >= 2.2.6-2.131.1` `libtool-debugsource >= 2.2.6-2.131.1`	sle11-sdk.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.x86-64 sles11.s390x sled11.x86-64 sle11-debuginfo.x86-64 sles11.ppc sled11.x86 sle11-debuginfo.x86 sle11-debuginfo.ppc sles11.x86-64 sles11.ia64 sles11.x86 SAT Patch Nr: 1626
SUSE Linux Enterprise 11 GA DEBUGINFO	`libtool-debuginfo >= 2.2.6-2.131.1` `libtool-debuginfo-x86 >= 2.2.6-2.131.1` `libtool-debugsource >= 2.2.6-2.131.1`	sle11-sdk.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.x86-64 sles11.s390x sled11.x86-64 sle11-debuginfo.x86-64 sles11.ppc sled11.x86 sle11-debuginfo.x86 sle11-debuginfo.ppc sles11.x86-64 sles11.ia64 sles11.x86 SAT Patch Nr: 1626
SUSE Linux Enterprise 11 GA DEBUGINFO	`libtool-debuginfo >= 2.2.6-2.131.1` `libtool-debuginfo-32bit >= 2.2.6-2.131.1` `libtool-debugsource >= 2.2.6-2.131.1`	sle11-sdk.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.x86-64 sles11.s390x sled11.x86-64 sle11-debuginfo.x86-64 sles11.ppc sled11.x86 sle11-debuginfo.x86 sle11-debuginfo.ppc sles11.x86-64 sles11.ia64 sles11.x86 SAT Patch Nr: 1626
SUSE Linux Enterprise SDK 11 GA	`libtool >= 2.2.6-2.131.1`	sle11-sdk.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.x86-64 sles11.s390x sled11.x86-64 sle11-debuginfo.x86-64 sles11.ppc sled11.x86 sle11-debuginfo.x86 sle11-debuginfo.ppc sles11.x86-64 sles11.ia64 sles11.x86 SAT Patch Nr: 1626
SUSE Linux Enterprise SDK 11 GA	`libtool >= 2.2.6-2.131.1` `libtool-32bit >= 2.2.6-2.131.1`	sle11-sdk.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.x86-64 sles11.s390x sled11.x86-64 sle11-debuginfo.x86-64 sles11.ppc sled11.x86 sle11-debuginfo.x86 sle11-debuginfo.ppc sles11.x86-64 sles11.ia64 sles11.x86 SAT Patch Nr: 1626
SUSE Linux Enterprise Desktop 11 GA	`libltdl7 >= 2.2.6-2.131.1`	sle11-sdk.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.x86-64 sles11.s390x sled11.x86-64 sle11-debuginfo.x86-64 sles11.ppc sled11.x86 sle11-debuginfo.x86 sle11-debuginfo.ppc sles11.x86-64 sles11.ia64 sles11.x86 SAT Patch Nr: 1626
SUSE Linux Enterprise Desktop 11 GA	`libltdl7 >= 2.2.6-2.131.1` `libltdl7-32bit >= 2.2.6-2.131.1`	sle11-sdk.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.x86-64 sles11.s390x sled11.x86-64 sle11-debuginfo.x86-64 sles11.ppc sled11.x86 sle11-debuginfo.x86 sle11-debuginfo.ppc sles11.x86-64 sles11.ia64 sles11.x86 SAT Patch Nr: 1626
SUSE Linux Enterprise Server 11 GA	`libltdl7 >= 2.2.6-2.131.1` `libtool >= 2.2.6-2.131.1`	sle11-sdk.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.x86-64 sles11.s390x sled11.x86-64 sle11-debuginfo.x86-64 sles11.ppc sled11.x86 sle11-debuginfo.x86 sle11-debuginfo.ppc sles11.x86-64 sles11.ia64 sles11.x86 SAT Patch Nr: 1626
SUSE Linux Enterprise Server 11 GA	`libltdl7 >= 2.2.6-2.131.1` `libltdl7-x86 >= 2.2.6-2.131.1` `libtool >= 2.2.6-2.131.1` `libtool-x86 >= 2.2.6-2.131.1`	sle11-sdk.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.x86-64 sles11.s390x sled11.x86-64 sle11-debuginfo.x86-64 sles11.ppc sled11.x86 sle11-debuginfo.x86 sle11-debuginfo.ppc sles11.x86-64 sles11.ia64 sles11.x86 SAT Patch Nr: 1626
SUSE Linux Enterprise Server 11 GA	`libltdl7 >= 2.2.6-2.131.1` `libltdl7-32bit >= 2.2.6-2.131.1` `libtool >= 2.2.6-2.131.1` `libtool-32bit >= 2.2.6-2.131.1`	sle11-sdk.x86 sle11-debuginfo.s390x sle11-debuginfo.ia64 sle11-sdk.x86-64 sles11.s390x sled11.x86-64 sle11-debuginfo.x86-64 sles11.ppc sled11.x86 sle11-debuginfo.x86 sle11-debuginfo.ppc sles11.x86-64 sles11.ia64 sles11.x86 SAT Patch Nr: 1626
openSUSE 11.0	`libtool-debuginfo >= 1.5.26-23.2` `libtool-debugsource >= 1.5.26-23.2`
openSUSE 11.0	`libltdl-3 >= 1.5.26-23.2` `libltdl-3-32bit >= 1.5.26-23.2` `libltdl-3-64bit >= 1.5.26-23.2` `libtool >= 1.5.26-23.2` `libtool-32bit >= 1.5.26-23.2` `libtool-64bit >= 1.5.26-23.2`
openSUSE 11.1	`libtool-debuginfo >= 2.2.6-1.36.1` `libtool-debuginfo-32bit >= 2.2.6-1.36.1` `libtool-debuginfo-64bit >= 2.2.6-1.36.1` `libtool-debugsource >= 2.2.6-1.36.1`
openSUSE 11.1	`libltdl7 >= 2.2.6-1.36.1` `libltdl7-32bit >= 2.2.6-1.36.1` `libltdl7-64bit >= 2.2.6-1.36.1` `libtool >= 2.2.6-1.36.1` `libtool-32bit >= 2.2.6-1.36.1` `libtool-64bit >= 2.2.6-1.36.1`
openSUSE 11.2	`libltdl7-debuginfo >= 2.2.6-47.451.1` `libtool-debugsource >= 2.2.6-47.451.1`
openSUSE 11.2	`libltdl7 >= 2.2.6-47.451.1` `libltdl7-32bit >= 2.2.6-47.451.1` `libtool >= 2.2.6-47.451.1` `libtool-32bit >= 2.2.6-47.451.1`

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy