Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Subscribe

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Security Vulnerability

Vigil@nce: GNU Libtool, code execution

December 2009 by Vigil@nce

In some cases, GNU Libtool loads a static library located in the
current directory.

Severity: 2/4

Consequences: user access/rights

Provenance: user shell

Means of attack: 1 attack

Ability of attacker: technician (2/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Creation date: 22/12/2009

IMPACTED PRODUCTS

 Fedora
 Mandriva Corporate
 Mandriva Enterprise Server
 Mandriva Linux
 Mandriva Multi Network Firewall
 Red Hat Enterprise Linux
 Unix - plateform

DESCRIPTION OF THE VULNERABILITY

Dynamic libraries are loaded by dlopen().

The ltdl (Libtool Dynamic Module Loader) is provided by GNU
Libtool to load libraries. It is called by functions lt_dlopen()
and lt_dlopenext().

The ltdl uses files with a ".la" extension to indicate information
on a library. For example:
dlname=’my-lib.so.1’
library_names=’my-lib.so.1.0 my-lib.so.1’
old_library=’my-lib.a’
The value of "old_library" indicates the name of the static
library.

When a program calls:

 lt_dlopen/lt_dlopenext("/absolute/path/my-lib.so") : there is
no vulnerability
 lt_dlopen/lt_dlopenext("my-lib.so") : there is no vulnerability
 lt_dlopen/lt_dlopenext("/absolute/path/my-lib.la"), and if the
/absolute/path/my-lib.la file contains old_library=’my-lib.a’ :
there is a vulnerability
 lt_dlopen/lt_dlopenext("my-lib.la"), and if the attacker can
create the my-lib.la file in the current directory, containing
old_library=’my-lib.a’ : there is a vulnerability
 lt_dlopenext("/absolute/path/my-lib"), and if the
/absolute/path/my-lib.la file contains old_library=’my-lib.a’ :
there is a vulnerability
 lt_dlopenext("my-lib"), and if the attacker can create the
my-lib.la file in the current directory, containing
old_library=’my-lib.a’ : there is a vulnerability
In the 4 indicated cases, ltdl tries to open the my-lib.a file in
the current directory.

A local attacker can therefore, if necessary create my-lib.la, and
create my-lib.a, in the current directory of a user. The attacker
can then invite the victim to run the program, so the malicious
code of my-lib.a runs with his privileges.

CHARACTERISTICS

Identifiers: 537941, BID-37128, CVE-2009-3736, FEDORA-2009-12725,
MDVA-2009:253, MDVSA-2009:307, MDVSA-2009:307-1, MDVSA-2009:318,
RHSA-2009:1646-01, VIGILANCE-VUL-9308

http://vigilance.fr/vulnerability/GNU-Libtool-code-execution-9308


See previous articles

    

See next articles


Security Vulnerability

All our news in english

Alle unsere News auf deutsch

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts

 
News Files Cyber Security Security Vulnerability Malware Update Diary Guide & Podcast TRAINING Jobs CONTACTS Contact About Mentions légales identifier ADMIN

Global Security Mag Copyright 2011