[redland-announce] CVE-2009-3736 local privilege escalation - may affect redland 1.0.9
Dave Beckett
dave at dajobe.org
Mon Dec 14 04:45:41 CET 2009
CVE-2009-3736 says:

| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
| attempts to open a .la file in the current working directory, which
| allows local users to gain privileges via a Trojan horse file.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736

The redland 1.0.9 release from April 2009 was built with an affected libtool
2.2.6 and uses it to load storage modules dynamically from /usr/lib/redland.

MD5 e5ef0c29c55b4f0f5aeed7955b4d383b redland-1.0.9.tar.gz

It's hard for me to tell how important this is since I've not been able to
verify it on Linux[1], for one thing. It might be more of a concern on
other OSes that do dynamic loading of modules a different way.

If you are worried about this, I've attached the patch to 1.0.9 that changes
ltdl.c the way the CVE expects. It's untested since I can't verify there is
a problem.

Redland's next release won't have this problem since it'll be built with the
libtool 2.2.6b.

Dave

[1] https://bugzilla.redhat.com/show_bug.cgi?id=537941#c7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: redland-1.0.9-cve-2009-2736.patch
Type: text/x-patch
Size: 1579 bytes
Desc: not available
Url : http://lists.librdf.org/pipermail/redland-announce/attachments/20091213/ee3edb24/attachment.bin
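
An added example, not part of the original message or the Redland project: a shell check that reads the libtool version recorded in a source tree's ltmain.sh and compares it with the range quoted from the CVE text above. The function names, the assumed VERSION= line format and the sample files are made up for this illustration.

```shell
#!/bin/sh
# Added illustration: flag source trees whose bundled ltmain.sh records a
# libtool version inside the range quoted from CVE-2009-3736.

# Classify a version string against "1.5.x, and 2.2.6 before 2.2.6b".
cve_2009_3736_status() {
    case "$1" in
        "")            echo unknown ;;
        1.5|1.5.*)     echo affected ;;
        2.2.6|2.2.6a)  echo affected ;;
        *)             echo not-listed ;;   # outside the range the CVE text names
    esac
}

# Read the version from ltmain.sh. Assumption: the file has a line such as
# VERSION=2.2.6 or VERSION="2.2.6b Debian-2.2.6b-2" (distro suffix dropped).
ltmain_version() {
    sed -n 's/^VERSION=//p' "$1" | head -n 1 | tr -d "\"'" | cut -d' ' -f1
}

# Print "path<TAB>version<TAB>status" for every ltmain.sh under a directory.
scan_tree() {
    find "$1" -type f -name ltmain.sh | while IFS= read -r f; do
        v=$(ltmain_version "$f")
        printf '%s\t%s\t%s\n' "$f" "$v" "$(cve_2009_3736_status "$v")"
    done
}

# Constructed sample trees (not real release contents) for trying the scan.
make_samples() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/old" "$d/fixed"
    printf 'PROGRAM=ltmain.sh\nVERSION=2.2.6\n' > "$d/old/ltmain.sh"
    printf 'VERSION="2.2.6b Debian-2.2.6b-2"\n' > "$d/fixed/ltmain.sh"
    echo "$d"
}

# Usage: sh check.sh /path/to/unpacked/source
if [ "$#" -gt 0 ]; then
    scan_tree "$1"
fi
```

A tree can link against a system libltdl instead of its bundled copy, so the installed libtool package needs the same check.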