Rapid7 Vulnerability & Exploit Database

RHSA-2009:1646: libtool security update

Back to Search

RHSA-2009:1646: libtool security update

Severity
7
CVSS
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published
11/29/2009
Created
07/25/2018
Added
12/09/2009
Modified
07/04/2017

Description

GNU Libtool is a set of shell scripts which automatically configure UNIX,Linux, and similar operating systems to generically build shared libraries.A flaw was found in the way GNU Libtool's libltdl library looked formodules to load. It was possible for libltdl to load and run modules froman arbitrary library in the current working directory. If a local attackercould trick a local user into running an application (which uses libltdl)from an attacker-controlled directory containing a malicious Libtoolcontrol file (.la), the attacker could possibly execute arbitrary code withthe privileges of the user running the application. (CVE-2009-3736)All libtool users should upgrade to these updated packages, which containa backported patch to correct this issue. After installing the updatedpackages, applications using the libltdl library must be restarted for theupdate to take effect.

Solution(s)

  • redhat-upgrade-libtool
  • redhat-upgrade-libtool-libs
  • redhat-upgrade-libtool-ltdl
  • redhat-upgrade-libtool-ltdl-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;