exploit the possibilities
Showing 1 - 11 of 11 RSS Feed

CVE-2009-3736

Status Candidate

Overview

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

Related Files

Gentoo Linux Security Advisory 201412-08
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.

tags | advisory, remote, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2006-3005, CVE-2007-2741, CVE-2008-0553, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2008-6661, CVE-2009-0040, CVE-2009-0360, CVE-2009-0361, CVE-2009-0946, CVE-2009-2042, CVE-2009-2624, CVE-2009-3736, CVE-2009-4029, CVE-2009-4411, CVE-2009-4896, CVE-2010-0001, CVE-2010-0436, CVE-2010-0732, CVE-2010-0829, CVE-2010-1000, CVE-2010-1205, CVE-2010-1511, CVE-2010-2056, CVE-2010-2060, CVE-2010-2192, CVE-2010-2251
MD5 | 4988293251dc9709a0f0caf5c1076c9b
Gentoo Linux Security Advisory 201311-10
Posted Nov 19, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-10 - Multiple vulnerabilities have been found in GraphicsMagick, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions prior to 1.3.18 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-1097, CVE-2009-1882, CVE-2009-3736, CVE-2013-4589
MD5 | b6e5599c69d8ea7fa92e32079ed9015a
Mandriva Linux Security Advisory 2010-105
Posted May 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-105 - This updates provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes for integer and heap-based buffer overflows.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2139, CVE-2009-2140, CVE-2009-3736
MD5 | 3fecb8404765ae73d1372db20104948e
Mandriva Linux Security Advisory 2010-091
Posted May 5, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-091 - This update provides a new OpenOffice.org version 3.1.1. An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing. A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file. Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file. OpenOffice's xmlsec uses a bundled Libtool which might load.la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled.

tags | advisory, remote, overflow, arbitrary, local, trojan
systems | linux, mandriva
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2139, CVE-2009-2140, CVE-2009-3736
MD5 | bfbffa42ccc8de8ca867526115f1eca4
Mandriva Linux Security Advisory 2010-075
Posted Apr 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-075 - OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled.

tags | advisory, local, trojan
systems | linux, mandriva
advisories | CVE-2009-3736
MD5 | 0e3f600a4ca615694af37cccfd23a33a
Mandriva Linux Security Advisory 2010-056
Posted Mar 6, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-056 - This update provides the OpenOffice.org 3.0 major version and holds multiple security updates relating to integer and heap buffer overflows.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2140, CVE-2009-3736
MD5 | 9563a13d89363c67fc3cf254ed129006
Mandriva Linux Security Advisory 2010-035
Posted Feb 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-035 - This updates provides a new OpenOffice.org version 3.1.1. It provides various security and bug fixes.

tags | advisory
systems | linux, mandriva
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2139, CVE-2009-2140, CVE-2009-3736
MD5 | b127bf188e632aa85a5b2e8e8beb0c62
Debian Linux Security Advisory 1958-1
Posted Dec 30, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1958-1 - It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2009-3736
MD5 | 3b8afee058b7e5961817b1cdb54771e2
Mandriva Linux Security Advisory 2009-307
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-307 - All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code. This advisory fixes this issue. Additionally, all applications embedding the libtool code were patched in order to avoid possible future exploitations of this issue. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2009-3736
MD5 | 679b0e0dd4e89247e65667a161a39d7d
Mandriva Linux Security Advisory 2009-318
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-318 - Multiple security vulnerabilities has been identified and fixed A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes this vulnerability.

tags | advisory, arbitrary, local, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0217, CVE-2009-3736
MD5 | ff37b750de6193c04ee02fa68410cd43
Mandriva Linux Security Advisory 2009-307
Posted Dec 1, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-307 - All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code. This advisory fixes this issue. Additionally, all applications embedding the libtool code were patched in order to avoid possible future exploitations of this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2009-3736
MD5 | bf325a30d0f128b47536065760f21eba
Page 1 of 1
Back1Next

File Archive:

October 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    25 Files
  • 2
    Oct 2nd
    13 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    1 Files
  • 5
    Oct 5th
    15 Files
  • 6
    Oct 6th
    15 Files
  • 7
    Oct 7th
    15 Files
  • 8
    Oct 8th
    11 Files
  • 9
    Oct 9th
    3 Files
  • 10
    Oct 10th
    1 Files
  • 11
    Oct 11th
    1 Files
  • 12
    Oct 12th
    8 Files
  • 13
    Oct 13th
    12 Files
  • 14
    Oct 14th
    23 Files
  • 15
    Oct 15th
    4 Files
  • 16
    Oct 16th
    13 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    1 Files
  • 19
    Oct 19th
    27 Files
  • 20
    Oct 20th
    41 Files
  • 21
    Oct 21st
    18 Files
  • 22
    Oct 22nd
    16 Files
  • 23
    Oct 23rd
    2 Files
  • 24
    Oct 24th
    1 Files
  • 25
    Oct 25th
    1 Files
  • 26
    Oct 26th
    17 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close