CVE-2009-3736
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2009-3736
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-3736.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2009-3736
- Related
- Published
- 2009-11-29T13:07:52Z
- Modified
- 2024-11-11T05:00:05Z
- Summary
- [none]
- Details
-
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
- References
-
- http://secunia.com/advisories/37414
- http://secunia.com/advisories/37489
- http://secunia.com/advisories/37997
- http://secunia.com/advisories/38190
- http://secunia.com/advisories/38577
- http://secunia.com/advisories/38617
- http://secunia.com/advisories/38696
- http://secunia.com/advisories/38915
- http://secunia.com/advisories/39299
- http://secunia.com/advisories/39347
- http://secunia.com/advisories/43617
- http://secunia.com/advisories/55721
- http://security.gentoo.org/glsa/glsa-201311-10.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:307
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:035
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:091
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:105
- http://www.vupen.com/english/advisories/2011/0574
- https://rhn.redhat.com/errata/RHSA-2010-0095.html
- ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz
- http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec
- http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html
- http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html
- http://www.securityfocus.com/bid/37128
- https://bugzilla.redhat.com/show_bug.cgi?id=537941
- http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
- http://support.avaya.com/css/P8/documents/100074869
- http://www.redhat.com/support/errata/RHSA-2010-0039.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html
- https://security-tracker.debian.org/tracker/CVE-2009-3736
Affected packages
Debian:11 / clamav
Package
- Name
- clamav
- Purl
- pkg:deb/debian/clamav?arch=source
Debian:12 / clamav
Package
- Name
- clamav
- Purl
- pkg:deb/debian/clamav?arch=source
Debian:13 / clamav
Package
- Name
- clamav
- Purl
- pkg:deb/debian/clamav?arch=source
Debian:11 / collectd
Package
- Name
- collectd
- Purl
- pkg:deb/debian/collectd?arch=source
Debian:12 / collectd
Package
- Name
- collectd
- Purl
- pkg:deb/debian/collectd?arch=source
Debian:13 / collectd
Package
- Name
- collectd
- Purl
- pkg:deb/debian/collectd?arch=source
Debian:11 / ggobi
Package
- Name
- ggobi
- Purl
- pkg:deb/debian/ggobi?arch=source
Debian:12 / ggobi
Package
- Name
- ggobi
- Purl
- pkg:deb/debian/ggobi?arch=source
Debian:13 / ggobi
Package
- Name
- ggobi
- Purl
- pkg:deb/debian/ggobi?arch=source
Debian:11 / gnu-smalltalk
Package
- Name
- gnu-smalltalk
- Purl
- pkg:deb/debian/gnu-smalltalk?arch=source
Debian:11 / graphicsmagick
Package
- Name
- graphicsmagick
- Purl
- pkg:deb/debian/graphicsmagick?arch=source
Debian:12 / graphicsmagick
Package
- Name
- graphicsmagick
- Purl
- pkg:deb/debian/graphicsmagick?arch=source
Debian:13 / graphicsmagick
Package
- Name
- graphicsmagick
- Purl
- pkg:deb/debian/graphicsmagick?arch=source
Debian:11 / graphviz
Package
- Name
- graphviz
- Purl
- pkg:deb/debian/graphviz?arch=source
Debian:12 / graphviz
Package
- Name
- graphviz
- Purl
- pkg:deb/debian/graphviz?arch=source
Debian:13 / graphviz
Package
- Name
- graphviz
- Purl
- pkg:deb/debian/graphviz?arch=source
Debian:11 / hamlib
Package
- Name
- hamlib
- Purl
- pkg:deb/debian/hamlib?arch=source
Debian:12 / hamlib
Package
- Name
- hamlib
- Purl
- pkg:deb/debian/hamlib?arch=source
Debian:13 / hamlib
Package
- Name
- hamlib
- Purl
- pkg:deb/debian/hamlib?arch=source
Debian:11 / heartbeat
Package
- Name
- heartbeat
- Purl
- pkg:deb/debian/heartbeat?arch=source
Debian:12 / heartbeat
Package
- Name
- heartbeat
- Purl
- pkg:deb/debian/heartbeat?arch=source
Debian:13 / heartbeat
Package
- Name
- heartbeat
- Purl
- pkg:deb/debian/heartbeat?arch=source
Debian:11 / hercules
Package
- Name
- hercules
- Purl
- pkg:deb/debian/hercules?arch=source
Debian:12 / hercules
Package
- Name
- hercules
- Purl
- pkg:deb/debian/hercules?arch=source
Debian:13 / hercules
Package
- Name
- hercules
- Purl
- pkg:deb/debian/hercules?arch=source
Debian:11 / hypre
Package
- Name
- hypre
- Purl
- pkg:deb/debian/hypre?arch=source
Debian:12 / hypre
Package
- Name
- hypre
- Purl
- pkg:deb/debian/hypre?arch=source
Debian:13 / hypre
Package
- Name
- hypre
- Purl
- pkg:deb/debian/hypre?arch=source
Debian:11 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source
Debian:12 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source
Debian:13 / imagemagick
Package
- Name
- imagemagick
- Purl
- pkg:deb/debian/imagemagick?arch=source
Debian:11 / jags
Package
- Name
- jags
- Purl
- pkg:deb/debian/jags?arch=source
Debian:12 / jags
Package
- Name
- jags
- Purl
- pkg:deb/debian/jags?arch=source
Debian:13 / jags
Package
- Name
- jags
- Purl
- pkg:deb/debian/jags?arch=source
Debian:11 / lam
Package
- Name
- lam
- Purl
- pkg:deb/debian/lam?arch=source
Debian:12 / lam
Package
- Name
- lam
- Purl
- pkg:deb/debian/lam?arch=source
Debian:13 / lam
Package
- Name
- lam
- Purl
- pkg:deb/debian/lam?arch=source
Debian:11 / libextractor
Package
- Name
- libextractor
- Purl
- pkg:deb/debian/libextractor?arch=source
Debian:12 / libextractor
Package
- Name
- libextractor
- Purl
- pkg:deb/debian/libextractor?arch=source
Debian:13 / libextractor
Package
- Name
- libextractor
- Purl
- pkg:deb/debian/libextractor?arch=source
Debian:11 / libprelude
Package
- Name
- libprelude
- Purl
- pkg:deb/debian/libprelude?arch=source
Debian:12 / libprelude
Package
- Name
- libprelude
- Purl
- pkg:deb/debian/libprelude?arch=source
Debian:13 / libprelude
Package
- Name
- libprelude
- Purl
- pkg:deb/debian/libprelude?arch=source
Debian:11 / libtool
Package
- Name
- libtool
- Purl
- pkg:deb/debian/libtool?arch=source
Debian:12 / libtool
Package
- Name
- libtool
- Purl
- pkg:deb/debian/libtool?arch=source
Debian:13 / libtool
Package
- Name
- libtool
- Purl
- pkg:deb/debian/libtool?arch=source
Debian:11 / mp4h
Package
- Name
- mp4h
- Purl
- pkg:deb/debian/mp4h?arch=source
Debian:12 / mp4h
Package
- Name
- mp4h
- Purl
- pkg:deb/debian/mp4h?arch=source
Debian:13 / mp4h
Package
- Name
- mp4h
- Purl
- pkg:deb/debian/mp4h?arch=source
Debian:11 / openmpi
Package
- Name
- openmpi
- Purl
- pkg:deb/debian/openmpi?arch=source
Debian:12 / openmpi
Package
- Name
- openmpi
- Purl
- pkg:deb/debian/openmpi?arch=source
Debian:13 / openmpi
Package
- Name
- openmpi
- Purl
- pkg:deb/debian/openmpi?arch=source
Debian:11 / parser
Package
- Name
- parser
- Purl
- pkg:deb/debian/parser?arch=source
Debian:12 / parser
Package
- Name
- parser
- Purl
- pkg:deb/debian/parser?arch=source
Debian:13 / parser
Package
- Name
- parser
- Purl
- pkg:deb/debian/parser?arch=source
Debian:11 / parser-mysql
Package
- Name
- parser-mysql
- Purl
- pkg:deb/debian/parser-mysql?arch=source
Debian:12 / parser-mysql
Package
- Name
- parser-mysql
- Purl
- pkg:deb/debian/parser-mysql?arch=source
Debian:13 / parser-mysql
Package
- Name
- parser-mysql
- Purl
- pkg:deb/debian/parser-mysql?arch=source
Debian:11 / pinball
Package
- Name
- pinball
- Purl
- pkg:deb/debian/pinball?arch=source
Debian:12 / pinball
Package
- Name
- pinball
- Purl
- pkg:deb/debian/pinball?arch=source
Debian:13 / pinball
Package
- Name
- pinball
- Purl
- pkg:deb/debian/pinball?arch=source
Debian:11 / redland
Package
- Name
- redland
- Purl
- pkg:deb/debian/redland?arch=source
Debian:12 / redland
Package
- Name
- redland
- Purl
- pkg:deb/debian/redland?arch=source
Debian:13 / redland
Package
- Name
- redland
- Purl
- pkg:deb/debian/redland?arch=source
Debian:11 / sdcc
Package
- Name
- sdcc
- Purl
- pkg:deb/debian/sdcc?arch=source
Debian:12 / sdcc
Package
- Name
- sdcc
- Purl
- pkg:deb/debian/sdcc?arch=source
Debian:13 / sdcc
Package
- Name
- sdcc
- Purl
- pkg:deb/debian/sdcc?arch=source
Debian:11 / synfig
Package
- Name
- synfig
- Purl
- pkg:deb/debian/synfig?arch=source
Debian:12 / synfig
Package
- Name
- synfig
- Purl
- pkg:deb/debian/synfig?arch=source
Debian:11 / xmlsec1
Package
- Name
- xmlsec1
- Purl
- pkg:deb/debian/xmlsec1?arch=source
Debian:12 / xmlsec1
Package
- Name
- xmlsec1
- Purl
- pkg:deb/debian/xmlsec1?arch=source
Debian:13 / xmlsec1
Package
- Name
- xmlsec1
- Purl
- pkg:deb/debian/xmlsec1?arch=source