what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2009-3736

Status Candidate

Overview

ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.

Related Files

Gentoo Linux Security Advisory 201412-08
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.

tags | advisory, remote, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2006-3005, CVE-2007-2741, CVE-2008-0553, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2008-6661, CVE-2009-0040, CVE-2009-0360, CVE-2009-0361, CVE-2009-0946, CVE-2009-2042, CVE-2009-2624, CVE-2009-3736, CVE-2009-4029, CVE-2009-4411, CVE-2009-4896, CVE-2010-0001, CVE-2010-0436, CVE-2010-0732, CVE-2010-0829, CVE-2010-1000, CVE-2010-1205, CVE-2010-1511, CVE-2010-2056, CVE-2010-2060, CVE-2010-2192, CVE-2010-2251
SHA-256 | a863e2eb03f0ac1937834e096aa9a52158ef6e9eb8144f3d6df45b14d4002a27
Gentoo Linux Security Advisory 201311-10
Posted Nov 19, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-10 - Multiple vulnerabilities have been found in GraphicsMagick, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. Versions prior to 1.3.18 are affected.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-1097, CVE-2009-1882, CVE-2009-3736, CVE-2013-4589
SHA-256 | e0c124eaa158477a4b9518946b776b08c9ff20ff126ef0c29d0bd17f28158e99
Mandriva Linux Security Advisory 2010-105
Posted May 22, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-105 - This updates provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes for integer and heap-based buffer overflows.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2139, CVE-2009-2140, CVE-2009-3736
SHA-256 | 21015d7a02c53ac1cda3b26e69b2cb6288649ac2452dfda2872e6ca061ee6aae
Mandriva Linux Security Advisory 2010-091
Posted May 5, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-091 - This update provides a new OpenOffice.org version 3.1.1. An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing. A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file. Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file. OpenOffice's xmlsec uses a bundled Libtool which might load.la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled.

tags | advisory, remote, overflow, arbitrary, local, trojan
systems | linux, mandriva
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2139, CVE-2009-2140, CVE-2009-3736
SHA-256 | 8d9c5f17ff17abb01c346325d44694318ba9b0991da8314b424d66dd738fe7f5
Mandriva Linux Security Advisory 2010-075
Posted Apr 16, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-075 - OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled.

tags | advisory, local, trojan
systems | linux, mandriva
advisories | CVE-2009-3736
SHA-256 | 23ab26a558f6ee10fc5753b67472cba4b55f9540928eebeb46b588ba97cdd500
Mandriva Linux Security Advisory 2010-056
Posted Mar 6, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-056 - This update provides the OpenOffice.org 3.0 major version and holds multiple security updates relating to integer and heap buffer overflows.

tags | advisory, overflow
systems | linux, mandriva
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2140, CVE-2009-3736
SHA-256 | 74b7eb99fa9e572af2880279fa7eb4f4842de76630658a18025413b76abcd582
Mandriva Linux Security Advisory 2010-035
Posted Feb 12, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-035 - This updates provides a new OpenOffice.org version 3.1.1. It provides various security and bug fixes.

tags | advisory
systems | linux, mandriva
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2139, CVE-2009-2140, CVE-2009-3736
SHA-256 | 15452c2e00718b55e66bf276cc3026e3e54a4cf7060996539f34030036aab8a2
Debian Linux Security Advisory 1958-1
Posted Dec 30, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1958-1 - It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2009-3736
SHA-256 | a246902f67119b2e35ce0cdb38a394e8d2b74d0bc2b10c3027159836041baba8
Mandriva Linux Security Advisory 2009-307
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-307 - All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code. This advisory fixes this issue. Additionally, all applications embedding the libtool code were patched in order to avoid possible future exploitations of this issue. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2009-3736
SHA-256 | 4580c92414af51f50419a02aaa9359af1aa6ac28ffdd133be1a228a8a100e457
Mandriva Linux Security Advisory 2009-318
Posted Dec 7, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-318 - Multiple security vulnerabilities has been identified and fixed A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes this vulnerability.

tags | advisory, arbitrary, local, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0217, CVE-2009-3736
SHA-256 | 57180189922a60fc6fb2be31e076999decbc3545b198b5eaa2ef09248026f28a
Mandriva Linux Security Advisory 2009-307
Posted Dec 1, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-307 - All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code. This advisory fixes this issue. Additionally, all applications embedding the libtool code were patched in order to avoid possible future exploitations of this issue.

tags | advisory, arbitrary, local
systems | linux, mandriva
advisories | CVE-2009-3736
SHA-256 | 6c3e5ccdc7414fb4d4e6692818c8d281fa7ac0bbdff3d1e65a37dd79454965f7
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close