Re: Bug#559802: CVE-2009-3736 local privilege escalation
On Mon, 07 Dec 2009 08:56:07 +0100, Stefan Hornburg (Racke) wrote:
> Michael Gilbert wrote:
> > Package: courier-authlib
> > Severity: grave
> > Tags: security
> > Hi,
> > The following CVE (Common Vulnerabilities & Exposures) id was
> > published for libtool. I have determined that this package embeds a
> > vulnerable copy of the libtool source code. However, since this is a
> > mass bug filing (due to so many packages embedding libtool), I have not
> > had time to determine whether the vulnerable code is actually present
> > in any of the binary packages. Please determine whether this is the
> > case. If the package is not affected, please feel free to close the bug
> > with a message containing the details of what you did to check.
> > CVE-2009-3736:
> > | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
> > | attempts to open a .la file in the current working directory, which
> > | allows local users to gain privileges via a Trojan horse file.
> > Note that this problem also affects etch and lenny, so if your package
> > is affected, please coordinate with the security team to release the
> > DSA for the affected packages.
> > If you fix the vulnerability please also make sure to include the
> > CVE id in your changelog entry.
> Is there a patch available for the vulnerability?
Yes, if you follow the link to the mitre page , which was included
in the original bug report, you will find a link to the patches .