CVE-2009-3736
EPSS 0.12%
libtool - privilege escalation
Published: 11/29/2009
Modified: 4/28/2026
Description
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Affected packages (26)
- Debian/clamav from 0, < 0.95+dfsg-1
- Debian/collectd from 0, < 4.8.2-1
- Debian/ggobi from 0, < 2.1.9~20091212-1
- Debian/gnu-smalltalk from 0, < 3.1-2
- Debian/graphicsmagick from 0, < 1.3.5-6
- Debian/graphviz from 0, < 2.26.3-14
- Debian/hamlib from 0, < 1.2.10-1
- Debian/heartbeat from 0, < 2.1.4-7
- Debian/hercules from 0, < 3.06-1.2
- Debian/hypre from 0, < 2.4.0b-5
- Debian/imagemagick from 0, < 6:6.2.3.1-1
- Debian/jags from 0, < 1.0.4-1
- Debian/lam from 0, < 7.1.2-1.6
- Debian/libextractor from 0, < 0.5.23+dfsg-4
- Debian/libprelude from 0, < 0.9.14-2
- Debian/libtool from 0, < 1.5.22-4+etch1
- Debian/libtool from 0, < 2.2.6b-1
- Debian/mp4h from 0, < 1.3.1-4.1
- Debian/openmpi from 0, < 1.3.3-4
- Debian/parser from 0, < 3.4.0-2
- Debian/parser-mysql from 0, < 10.3-2
- Debian/pinball from 0, < 0.3.1-11
- Debian/redland from 0, < 1.0.10-1
- Debian/sdcc from 0, < 2.9.0-5
- Debian/synfig from 0, < 0.62.00-1
- Debian/xmlsec1 from 0, < 1.2.14-1