Vulnerability details: VCID-kdf2-e615-aaaj
Vulnerability ID VCID-kdf2-e615-aaaj
Aliases CVE-2009-3736
Summary ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
rhas Moderate https://access.redhat.com/errata/RHSA-2009:1646
rhas Moderate https://access.redhat.com/errata/RHSA-2010:0039
epss 0.00044 https://api.first.org/data/v1/epss?cve=CVE-2009-3736
epss 0.00085 https://api.first.org/data/v1/epss?cve=CVE-2009-3736
epss 0.00097 https://api.first.org/data/v1/epss?cve=CVE-2009-3736
epss 0.00128 https://api.first.org/data/v1/epss?cve=CVE-2009-3736
generic_textual MODERATE http://secunia.com/advisories/38915
cvssv2 6.9 https://nvd.nist.gov/vuln/detail/CVE-2009-3736
Reference id Reference type URL
ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz
http://git.savannah.gnu.org/cgit/libtool.git/commit/?h=branch-1-5&id=29b48580df75f0c5baa2962548a4c101ec7ed7ec
http://hamlib.svn.sourceforge.net/viewvc/hamlib/trunk/libltdl/Makefile.am?revision=2841&view=markup
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035133.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035168.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054656.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054915.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054921.html
http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html
http://lists.gnu.org/archive/html/libtool/2009-11/msg00065.html
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3736.json
https://api.first.org/data/v1/epss?cve=CVE-2009-3736
https://bugzilla.redhat.com/show_bug.cgi?id=537941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736
http://secunia.com/advisories/37414
http://secunia.com/advisories/37489
http://secunia.com/advisories/37997
http://secunia.com/advisories/38190
http://secunia.com/advisories/38577
http://secunia.com/advisories/38617
http://secunia.com/advisories/38696
http://secunia.com/advisories/38915
http://secunia.com/advisories/39299
http://secunia.com/advisories/39347
http://secunia.com/advisories/43617
http://secunia.com/advisories/55721
http://security.gentoo.org/glsa/glsa-201311-10.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11687
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6951
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://support.avaya.com/css/P8/documents/100074869
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01512.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:307
http://www.mandriva.com/security/advisories?name=MDVSA-2010:035
http://www.mandriva.com/security/advisories?name=MDVSA-2010:091
http://www.mandriva.com/security/advisories?name=MDVSA-2010:105
http://www.redhat.com/support/errata/RHSA-2010-0039.html
http://www.securityfocus.com/bid/37128
http://www.vupen.com/english/advisories/2011/0574
559797 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559797
cpe:2.3:a:gnu:libtool:1.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.10:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.12:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.14:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.16:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.18:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.18:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.20:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.20:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.22:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.22:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.24:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.24:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.26:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.26:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:1.5.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libtool:2.2.6a:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:libtool:2.2.6a:*:*:*:*:*:*:*
CVE-2009-3736 https://nvd.nist.gov/vuln/detail/CVE-2009-3736
GLSA-201311-10 https://security.gentoo.org/glsa/201311-10
GLSA-201412-08 https://security.gentoo.org/glsa/201412-08
RHSA-2009:1646 https://access.redhat.com/errata/RHSA-2009:1646
RHSA-2010:0039 https://access.redhat.com/errata/RHSA-2010:0039
No exploits are available.
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-3736
Access Vector (AV) local
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) complete
Integrity Impact (I) complete
Availability Impact (A) complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.10982
EPSS Score 0.00044
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.