GNU LibTool Local Insecure Temporary Directory Creation Vulnerability
BID:9530
Info
GNU LibTool Local Insecure Temporary Directory Creation Vulnerability
| Bugtraq ID: | 9530 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 30 2004 12:00AM |
| Updated: | Jan 30 2004 12:00AM |
| Credit: | Discovery credited to Stefan Nordhausen; additionally Joseph S. Myers independently discovered this issue. |
| Vulnerable: |
GNU libtool 1.5 GNU libtool 1.4.3 GNU libtool 1.4.2 GNU libtool 1.4.1 GNU libtool 1.4 GNU libtool 1.3.5 GNU libtool 1.3.4 GNU libtool 1.3.3 GNU libtool 1.3.2 GNU libtool 1.3 GNU libtool 1.2 GNU libtool 1.1 GNU libtool 1.0 |
| Not Vulnerable: |
GNU libtool 1.5.2 |
Discussion
GNU LibTool Local Insecure Temporary Directory Creation Vulnerability
A vulnerability has been identified in the creation of temporary directories by the libtool script. Because of this, an attacker may be able to corrupt arbitrary files on a system, in the context of the user invoking the script.
A vulnerability has been identified in the creation of temporary directories by the libtool script. Because of this, an attacker may be able to corrupt arbitrary files on a system, in the context of the user invoking the script.
Exploit / POC
GNU LibTool Local Insecure Temporary Directory Creation Vulnerability
No exploit required for this vulnerability.
No exploit required for this vulnerability.
Solution / Fix
GNU LibTool Local Insecure Temporary Directory Creation Vulnerability
Solution:
It has been reported that this issue has been resolved in version 1.5.2 of libtool. This has not been confirmed by the maintainer or Symantec.
Conectiva has released an advisory CLA-2004:811 with fixes to address this issue. Please see the referenced advisory for more information.
OpenPKG advisory OpenPKG-SA-2004.004 was released to address this issue. Please refer to this advisory for details for obtaining and applying fixes.
Red Hat Fedora Legacy has released advisory FLSA:1268 dealing with this issue for Red Hat Linux 8.0, 7.3 and 7.2. Please see the referenced advisory for more information.
GNU libtool 1.4
GNU libtool 1.4.2
GNU libtool 1.4.3
GNU libtool 1.5
Solution:
It has been reported that this issue has been resolved in version 1.5.2 of libtool. This has not been confirmed by the maintainer or Symantec.
Conectiva has released an advisory CLA-2004:811 with fixes to address this issue. Please see the referenced advisory for more information.
OpenPKG advisory OpenPKG-SA-2004.004 was released to address this issue. Please refer to this advisory for details for obtaining and applying fixes.
Red Hat Fedora Legacy has released advisory FLSA:1268 dealing with this issue for Red Hat Linux 8.0, 7.3 and 7.2. Please see the referenced advisory for more information.
GNU libtool 1.4
-
Fedora libtool-1.4-9.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/libtool-1.4-9 .legacy.i386.rpm -
Fedora libtool-libs-1.4-9.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.2/updates/i386/libtool-libs- 1.4-9.legacy.i386.rpm
GNU libtool 1.4.2
-
Conectiva libtool-1.4.2-4U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libtool-1.4.2-4U80_2cl.i386 .rpm -
Fedora libtool-1.4.2-13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/libtool-1.4.2 -13.legacy.i386.rpm -
Fedora libtool-1.4.2-14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/libtool-1.4.2 -14.legacy.i386.rpm -
Fedora libtool-libs-1.4.2-13.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/libtool-libs- 1.4.2-13.legacy.i386.rpm -
Fedora libtool-libs-1.4.2-14.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/8.0/updates/i386/libtool-libs- 1.4.2-14.legacy.i386.rpm
GNU libtool 1.4.3
-
Conectiva libtool-1.4.3-21152U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libtool-1.4.3-21152U90_1cl. i386.rpm
GNU libtool 1.5
-
OpenPKG libtool-1.5-1.3.1.src.rpm
ftp://ftp.openpkg.org/release/1.3/UPD/libtool-1.5-1.3.1.src.rpm -
OpenPKG libtool-1.5.2-2.0.1.src.rpm
ftp://ftp.openpkg.org/release/2.0/UPD/libtool-1.5.2-2.0.1.src.rpm
References
GNU LibTool Local Insecure Temporary Directory Creation Vulnerability
References:
References:
- GNU libtool Homepage (GNU)
- libtool /tmp security (Joseph S. Myers)
- Re: Symlink Vulnerability in GNU libtool <1.5.2 (Stefan Nordhausen
) - Re: Symlink Vulnerability in GNU libtool <1.5.2 (Scott James Remnant
) - Re: Symlink Vulnerability in GNU libtool <1.5.2 ("Joseph S. Myers"
) - Symlink Vulnerability in GNU libtool <1.5.2 (Stefan Nordhausen
)