Name | CVE-2009-3736 |
Description | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-1958-1 |
Debian Bugs | 559797, 559800, 559801, 559803, 559806, 559808, 559809, 559811, 559813, 559814, 559815, 559816, 559818, 559819, 559821, 559822, 559823, 559824, 559825, 559826, 559827, 559828, 559829, 559831, 559832, 559833, 559834, 559835, 559836, 559837, 559840, 559843, 559844, 559845, 702436 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|---|---|---|
bochs (PTS) | bullseye | 2.6.11+dfsg-4 | fixed |
bookworm | 2.7+dfsg-4 | fixed | |
sid, trixie | 2.8+dfsg-1 | fixed | |
clamav (PTS) | bullseye | 0.103.10+dfsg-0+deb11u1 | fixed |
bookworm | 1.0.5+dfsg-1~deb12u1 | fixed | |
sid, trixie | 1.4.1+dfsg-1 | fixed | |
collectd (PTS) | bullseye | 5.12.0-7 | fixed |
bookworm | 5.12.0-14 | fixed | |
sid | 5.12.0-18.1 | fixed | |
ggobi (PTS) | bookworm, bullseye | 2.1.11-2 | fixed |
sid, trixie | 2.1.12-1 | fixed | |
gnu-smalltalk (PTS) | bullseye | 3.2.5-1.3 | fixed |
graphicsmagick (PTS) | bullseye (security), bullseye | 1.4+really1.3.36+hg16481-2+deb11u1 | fixed |
bookworm | 1.4+really1.3.40-4 | fixed | |
sid, trixie | 1.4+really1.3.45-1 | fixed | |
graphviz (PTS) | bullseye | 2.42.2-5+deb11u1 | fixed |
bookworm | 2.42.2-7+deb12u1 | fixed | |
sid, trixie | 2.42.4-2 | fixed | |
hamlib (PTS) | bullseye | 4.0-7 | fixed |
bookworm | 4.5.4-1 | fixed | |
sid, trixie | 4.5.5-4 | fixed | |
heartbeat (PTS) | bullseye | 1:3.0.6-11+deb11u1 | fixed |
bookworm | 1:3.0.6-13 | fixed | |
sid, trixie | 1:3.0.6-15 | fixed | |
hercules (PTS) | bookworm, bullseye | 3.13-7 | fixed |
sid, trixie | 3.13-8 | fixed | |
hypre (PTS) | bullseye | 2.18.2-1 | fixed |
bookworm | 2.26.0-3 | fixed | |
sid, trixie | 2.31.0-2 | fixed | |
imagemagick (PTS) | bullseye | 8:6.9.11.60+dfsg-1.3+deb11u4 | fixed |
bullseye (security) | 8:6.9.11.60+dfsg-1.3+deb11u3 | fixed | |
bookworm | 8:6.9.11.60+dfsg-1.6+deb12u2 | fixed | |
bookworm (security) | 8:6.9.11.60+dfsg-1.6+deb12u1 | fixed | |
sid, trixie | 8:6.9.13.12+dfsg1-1 | fixed | |
jags (PTS) | bullseye | 4.3.0-3 | fixed |
bookworm | 4.3.1-1 | fixed | |
sid, trixie | 4.3.2-1 | fixed | |
lam (PTS) | bullseye | 7.1.4-6.1 | fixed |
bookworm | 7.1.4-7 | fixed | |
sid, trixie | 7.1.4-7.2 | fixed | |
libextractor (PTS) | bullseye | 1:1.11-2 | fixed |
bookworm | 1:1.11-7 | fixed | |
sid, trixie | 1:1.13-7 | fixed | |
libmcrypt (PTS) | bullseye | 2.5.8-3.4 | fixed |
bookworm | 2.5.8-7 | fixed | |
sid, trixie | 2.5.8-8 | fixed | |
libprelude (PTS) | bullseye | 5.2.0-3+deb11u1 | fixed |
bookworm | 5.2.0-5 | fixed | |
sid, trixie | 5.2.0-5.6 | fixed | |
libtool (PTS) | bullseye | 2.4.6-15 | fixed |
bookworm | 2.4.7-7~deb12u1 | fixed | |
sid, trixie | 2.4.7-7 | fixed | |
mp4h (PTS) | bookworm, bullseye | 1.3.1-17 | fixed |
sid, trixie | 1.3.1-17.1 | fixed | |
openmpi (PTS) | bullseye | 4.1.0-10 | fixed |
bookworm | 4.1.4-3 | fixed | |
sid, trixie | 4.1.6-13.3 | fixed | |
parser (PTS) | bullseye | 3.4.6-2 | fixed |
bookworm | 3.4.6-3 | fixed | |
sid, trixie | 3.4.6-5 | fixed | |
parser-mysql (PTS) | bookworm, bullseye, sid, trixie | 10.8-3 | fixed |
pdsh (PTS) | bullseye | 2.31-3 | fixed |
bookworm | 2.34-0.2 | fixed | |
sid, trixie | 2.34-3 | fixed | |
pinball (PTS) | bookworm, bullseye | 0.3.20201218-4 | fixed |
sid, trixie | 0.3.20230219-1 | fixed | |
proftpd-dfsg (PTS) | bullseye | 1.3.7a+dfsg-12+deb11u2 | fixed |
bookworm | 1.3.8+dfsg-4+deb12u3 | fixed | |
sid, trixie | 1.3.8.b+dfsg-2 | fixed | |
redland (PTS) | bullseye | 1.0.17-1.1 | fixed |
bookworm | 1.0.17-3 | fixed | |
sid, trixie | 1.0.17-4 | fixed | |
sdcc (PTS) | bullseye | 4.0.0+dfsg-2 | fixed |
bookworm | 4.2.0+dfsg-1 | fixed | |
sid, trixie | 4.4.0+dfsg-2 | fixed | |
synfig (PTS) | bullseye | 1.4.0+dfsg-2 | fixed |
bookworm | 1.5.1+dfsg-3 | fixed | |
sid | 1.5.1+dfsg-4 | fixed | |
xmlsec1 (PTS) | bullseye | 1.2.31-1 | fixed |
bookworm | 1.2.37-2 | fixed | |
sid, trixie | 1.2.41-1 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
arts | source | (unstable) | (not affected) | |||
babel | source | (unstable) | 1.4.0.dfsg-5 | low | 559843 | |
bochs | source | (unstable) | (not affected) | |||
camserv | source | (unstable) | (unfixed) | low | 559800 | |
clamav | source | (unstable) | 0.95+dfsg-1 | low | 559832 | |
collectd | source | (unstable) | 4.8.2-1 | low | 559801 | |
cvsnt | source | (unstable) | 2.5.04.3236-1.2 | low | 559803 | |
ggobi | source | (unstable) | 2.1.9~20091212-1 | low | 559806 | |
gnash | source | (unstable) | 0.8.7-2 | low | 559808 | |
gnu-smalltalk | source | (unstable) | 3.1-2 | low | 559809 | |
graphicsmagick | source | (unstable) | 1.3.5-6 | low | 559811 | |
graphviz | source | squeeze | 2.26.3-5+squeeze1 | |||
graphviz | source | (unstable) | 2.26.3-14 | low | 702436 | |
guile-1.6 | source | (unstable) | 1.6.8-7 | low | 559813 | |
hamlib | source | lenny | 1.2.7.1-1+lenny1 | |||
hamlib | source | (unstable) | 1.2.10-1 | low | 559814 | |
heartbeat | source | (unstable) | 2.1.4-7 | unimportant | 559845 | |
hercules | source | (unstable) | 3.06-1.2 | low | 559815 | |
hypre | source | (unstable) | 2.4.0b-5 | low | 559834 | |
imagemagick | source | (unstable) | 6:6.2.3.1-1 | low | 559833 | |
jags | source | (unstable) | 1.0.4-1 | low | 559816 | |
kdelibs | source | (unstable) | (not affected) | |||
lam | source | (unstable) | 7.1.2-1.6 | low | 559835 | |
libannodex | source | (unstable) | (unfixed) | low | 559818 | |
libextractor | source | (unstable) | 0.5.23+dfsg-4 | low | 559819 | |
libmcrypt | source | (unstable) | (not affected) | |||
libprelude | source | (unstable) | 0.9.14-2 | low | 559844 | |
libtool | source | etch | 1.5.22-4+etch1 | DSA-1958-1 | ||
libtool | source | lenny | 1.5.26-4+lenny1 | DSA-1958-1 | ||
libtool | source | (unstable) | 2.2.6b-1 | low | 559797 | |
libtunepimp | source | (unstable) | 0.5.3-7.3 | low | 559821 | |
mp4h | source | (unstable) | 1.3.1-4.1 | low | 559822 | |
naim | source | (unstable) | (unfixed) | low | 559823 | |
openmpi | source | (unstable) | 1.3.3-4 | low | 559836 | |
parser | source | (unstable) | 3.4.0-2 | unimportant | 559837 | |
parser-mysql | source | (unstable) | 10.3-2 | unimportant | 559824 | |
pdsh | source | (unstable) | (not affected) | |||
pinball | source | (unstable) | 0.3.1-11 | low | 559825 | |
proftpd-dfsg | source | (unstable) | (not affected) | |||
redland | source | etch | (not affected) | |||
redland | source | lenny | (not affected) | |||
redland | source | (unstable) | 1.0.10-1 | low | 559826 | |
sdcc | source | (unstable) | 2.9.0-5 | low | 559840 | |
siproxd | source | (unstable) | 1:0.8.1-1 | low | 559827 | |
ski | source | (unstable) | (unfixed) | low | 559828 | |
synfig | source | (unstable) | 0.62.00-1 | low | 559829 | |
xmlsec1 | source | (unstable) | 1.2.14-1 | unimportant | 559831 |
- arts <not-affected> (Uses absolute path to the sound backend)
- bochs <not-affected> (additional hardening in this package prevents this type of attack; bug #559799)
requested camserv removal
[lenny] - camserv <no-dsa> (Minor issue)
[etch] - camserv <no-dsa> (Minor issue)
[lenny] - collectd <no-dsa> (Minor issue)
[etch] - collectd <no-dsa> (Minor issue)
[etch] - cvsnt <no-dsa> (Minor issue)
[lenny] - cvsnt <no-dsa> (Minor issue)
[etch] - ggobi <no-dsa> (Minor issue)
[lenny] - ggobi <no-dsa> (Minor issue)
[lenny] - gnash <no-dsa> (Minor issue)
[lenny] - gnu-smalltalk <no-dsa> (Minor issue)
[etch] - gnu-smalltalk <no-dsa> (Minor issue)
[lenny] - graphicsmagick <no-dsa> (Minor issue, can be fixed along with later updates)
[etch] - graphicsmagick <no-dsa> (Minor issue, can be fixed along with later updates)
[etch] - guile-1.6 <no-dsa> (Minor issue)
[lenny] - guile-1.6 <no-dsa> (Minor issue)
[etch] - hamlib <no-dsa> (Minor issue)
[lenny] - hercules <no-dsa> (Minor issue)
[etch] - hercules <no-dsa> (Minor issue)
- kdelibs <not-affected> (dl_open open loads from fixed paths)
[lenny] - libannodex <no-dsa> (Minor issue)
[etch] - libannodex <no-dsa> (Minor issue)
[etch] - libextractor <no-dsa> (Minor issue)
[lenny] - libextractor <no-dsa> (Minor issue)
- libmcrypt <not-affected> (not included in any of the binary packages; bug #559820)
[lenny] - libtunepimp <no-dsa> (Minor issue)
[etch] - libtunepimp <no-dsa> (Minor issue)
[etch] - mp4h <no-dsa> (Minor issue)
[lenny] - mp4h <no-dsa> (Minor issue)
[lenny] - naim <no-dsa> (Minor issue)
[etch] - naim <no-dsa> (Minor issue)
[lenny] - pinball <no-dsa> (Minor issue)
[etch] - pinball <no-dsa> (Minor issue)
[etch] - redland <not-affected> (Versions prior to 1.0.9 don't use libtool/libltdl)
[lenny] - redland <not-affected> (Versions prior to 1.0.9 don't use libtool/libltdl)
[lenny] - siproxd <no-dsa> (Minor issue)
[etch] - siproxd <no-dsa> (Minor issue)
[lenny] - synfig <no-dsa> (Minor issue)
Embedded code copy isn't used
[lenny] - clamav <no-dsa> (Minor issue)
[etch] - clamav <no-dsa> (Minor issue)
[lenny] - imagemagick <no-dsa> (Minor issue)
[etch] - imagemagick <no-dsa> (Minor issue)
[etch] - hypre <no-dsa> (Minor issue)
[lenny] - hypre <no-dsa> (Minor issue)
[lenny] - lam <no-dsa> (Minor issue)
[etch] - lam <no-dsa> (Minor issue)
[lenny] - openmpi <no-dsa> (Minor issue)
[etch] - openmpi <no-dsa> (Minor issue)
users with write access can modify configuration to load new extensions, see #559837
- pdsh <not-affected> (Only loads from /usr/lib/pdsh, which is controlled by root)
[lenny] - sdcc <no-dsa> (Minor issue)
[etch] - sdcc <no-dsa> (Minor issue)
- proftpd-dfsg <not-affected> (Only loads from /usr/lib/proftpd)
[lenny] - babel <no-dsa> (Minor issue)
[etch] - libprelude <no-dsa> (Minor issue)
the dlopened path is always below /usr/lib/heartbeat, which isn't under control of an attacker
From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
might've been fixed earlier