Local File Inclusion Vulnerability in GNU Libtool Affecting Ham Radio Control Libraries and Others
CVE-2009-3736

Currently unrated

Key Information:

Vendor: Gnu
Status: Libtool
Vendor: CVE Published:; 29 November 2009

Summary

A security vulnerability exists in the GNU Libtool library that can be exploited by local users. It arises from the library's attempt to open .la files located in the current working directory without proper validation. This lack of validation could permit a local user to introduce a specially crafted .la file, which, when executed, may escalate privileges via a Trojan horse file, compromising system integrity and security.

References

http://security.gentoo.org/glsa/glsa-201311-10.xml

vendor-advisoryx_refsource_GENTOO

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Nov 29, 2009
Vulnerability Reserved
Oct 22, 2009