Description
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
libtool | fixed | 2.2.6b-1 | | package |
arts | not-affected | | | package |
bochs | not-affected | | | package |
camserv | removed | | | package |
camserv | no-dsa | | lenny | package |
camserv | no-dsa | | etch | package |
collectd | fixed | 4.8.2-1 | | package |
collectd | no-dsa | | lenny | package |
collectd | no-dsa | | etch | package |
cvsnt | fixed | 2.5.04.3236-1.2 | | package |
cvsnt | no-dsa | | etch | package |
cvsnt | no-dsa | | lenny | package |
ggobi | fixed | 2.1.9~20091212-1 | | package |
ggobi | no-dsa | | etch | package |
ggobi | no-dsa | | lenny | package |
gnash | fixed | 0.8.7-2 | | package |
gnash | no-dsa | | lenny | package |
gnu-smalltalk | fixed | 3.1-2 | | package |
gnu-smalltalk | no-dsa | | lenny | package |
gnu-smalltalk | no-dsa | | etch | package |
graphicsmagick | fixed | 1.3.5-6 | | package |
graphicsmagick | no-dsa | | lenny | package |
graphicsmagick | no-dsa | | etch | package |
guile-1.6 | fixed | 1.6.8-7 | | package |
guile-1.6 | no-dsa | | etch | package |
guile-1.6 | no-dsa | | lenny | package |
hamlib | fixed | 1.2.10-1 | | package |
hamlib | fixed | 1.2.7.1-1+lenny1 | lenny | package |
hamlib | no-dsa | | etch | package |
hercules | fixed | 3.06-1.2 | | package |
hercules | no-dsa | | lenny | package |
hercules | no-dsa | | etch | package |
jags | fixed | 1.0.4-1 | | package |
kdelibs | not-affected | | | package |
libannodex | removed | | | package |
libannodex | no-dsa | | lenny | package |
libannodex | no-dsa | | etch | package |
libextractor | fixed | 0.5.23+dfsg-4 | | package |
libextractor | no-dsa | | etch | package |
libextractor | no-dsa | | lenny | package |
libmcrypt | not-affected | | | package |
libtunepimp | fixed | 0.5.3-7.3 | | package |
libtunepimp | no-dsa | | lenny | package |
libtunepimp | no-dsa | | etch | package |
mp4h | fixed | 1.3.1-4.1 | | package |
mp4h | no-dsa | | etch | package |
mp4h | no-dsa | | lenny | package |
naim | removed | | | package |
naim | no-dsa | | lenny | package |
naim | no-dsa | | etch | package |
parser-mysql | fixed | 10.3-2 | | package |
pinball | fixed | 0.3.1-11 | | package |
pinball | no-dsa | | lenny | package |
pinball | no-dsa | | etch | package |
redland | fixed | 1.0.10-1 | | package |
redland | not-affected | | etch | package |
redland | not-affected | | lenny | package |
siproxd | fixed | 1:0.8.1-1 | | package |
siproxd | no-dsa | | lenny | package |
siproxd | no-dsa | | etch | package |
ski | removed | | | package |
synfig | fixed | 0.62.00-1 | | package |
synfig | no-dsa | | lenny | package |
xmlsec1 | fixed | 1.2.14-1 | | package |
clamav | fixed | 0.95+dfsg-1 | | package |
clamav | no-dsa | | lenny | package |
clamav | no-dsa | | etch | package |
imagemagick | fixed | 6:6.2.3.1-1 | | package |
imagemagick | no-dsa | | lenny | package |
imagemagick | no-dsa | | etch | package |
hypre | fixed | 2.4.0b-5 | | package |
hypre | no-dsa | | etch | package |
hypre | no-dsa | | lenny | package |
lam | fixed | 7.1.2-1.6 | | package |
lam | no-dsa | | lenny | package |
lam | no-dsa | | etch | package |
openmpi | fixed | 1.3.3-4 | | package |
openmpi | no-dsa | | lenny | package |
openmpi | no-dsa | | etch | package |
parser | fixed | 3.4.0-2 | | package |
pdsh | not-affected | | | package |
sdcc | fixed | 2.9.0-5 | | package |
sdcc | no-dsa | | lenny | package |
sdcc | no-dsa | | etch | package |
proftpd-dfsg | not-affected | | | package |
babel | fixed | 1.4.0.dfsg-5 | | package |
babel | no-dsa | | lenny | package |
libprelude | fixed | 0.9.14-2 | | package |
libprelude | no-dsa | | etch | package |
heartbeat | fixed | 2.1.4-7 | | package |
graphviz | fixed | 2.26.3-14 | | package |
graphviz | fixed | 2.26.3-5+squeeze1 | squeeze | package |
Notes
requested camserv removal
Embedded code copy isn't used
users with write access can modify configuration to load new extensions, see #559837
the dlopened path is always below /usr/lib/heartbeat, which isn't under control of an attacker
From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze, might've been fixed earlier