PT-2009-6708 · Gnu+1 · Libstdc++-Devel+14
Published: 1970-01-01 · Updated: 2024-06-15 · CVE-2009-3736
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
libtool versions 1.4.3 through 1.5.22
libtool-libs versions 1.4.3 through 1.5.6
libltdl3-dev version 1.5.x
libltdl3 version 1.5.x
gcc version 4.1.2
gcc-c++ version 4.1.2
gcc-gfortran version 4.1.2
gcc-gnat version 4.1.2
gcc-java version 4.1.2
gcc-objc version 4.1.2
gcc-objc++ version 4.1.2
libgcj-devel version 4.1.2
libgcj-src version 4.1.2
libmudflap-devel version 4.1.2
libstdc++-devel version 4.1.2
Description
The ltdl.c file in libltdl attempts to open a .la file in the current working directory. This allows local users to gain privileges via a Trojan horse file, potentially leading to a breach of confidentiality, integrity, and availability of protected information. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.
Recommendations
For libtool versions 1.4.3 through 1.5.22, consider disabling the vulnerable ltdl.c file until a patch is available.
For libtool-libs versions 1.4.3 through 1.5.6, restrict access to the vulnerable module to minimize the risk of exploitation.
For libltdl3-dev and libltdl3 version 1.5.x, avoid using the vulnerable ltdl.c file in the affected API endpoint until the issue is resolved.
For gcc and its variants (gcc-c++, gcc-gfortran, gcc-gnat, gcc-java, gcc-objc, gcc-objc++), consider updating to a newer version that contains a fix for this issue.
For libgcj-devel, libgcj-src, libmudflap-devel, and libstdc++-devel, restrict access to the vulnerable components to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Related Identifiers
Affected Products
Red Hat
Gcc
Gcc-C++
Gcc-Gfortran
Gcc-Gnat
Gcc-Java
Gcc-Objc
Libgcj-Devel
Libgcj-Src
Libltdl3
Libltdl3-Dev
Libmudflap-Devel
Libstdc++-Devel
Libtool
Libtool-Libs