[redland-dev] CVE-2009-3736 local privilege escalation - may affect redland 1.0.9
dave at dajobe.org
Mon Dec 14 04:45:41 CET 2009
| ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
| attempts to open a .la file in the current working directory, which
| allows local users to gain privileges via a Trojan horse file.
The redland 1.0.9 release from April 2009 was built with an affected libtool
2.2.6 and uses it to load storage modules dynamically from /usr/lib/redland.
MD5 e5ef0c29c55b4f0f5aeed7955b4d383b redland-1.0.9.tar.gz
It's hard for me to tell how important this is since I've not been able to
verify it on Linux, for one thing. It might be more of a concern on
other OSes that do dynamic loading of modules a different way.
If you are worried about this, I've attached the patch to 1.0.9 that changes
ltdl.c the way the CVE expects. It's untested since I can't verify there is
Redland's next release won't have this problem since it'll be built with the
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1579 bytes
Desc: not available
Url : http://lists.librdf.org/pipermail/redland-dev/attachments/20091213/ee3edb24/attachment.bin
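An added example, not part of the original message or of Redland's code: a shell check that flags an unpacked source tree whose bundled ltmain.sh reports a libtool version in the ranges the quoted CVE text names (1.5.x, and 2.2.6 before 2.2.6b). The function names are hypothetical, and the check assumes ltmain.sh carries a `VERSION=` line that reflects the libtool the package was built with.

```shell
#!/bin/sh
# Added example: flag source trees built with a libtool version named in the
# CVE-2009-3736 text quoted above. Usage: scan_tree /path/to/unpacked/source

# Return 0 if the version string falls in a range the quoted CVE text lists:
# "1.5.x, and 2.2.6 before 2.2.6b".
libtool_version_affected() {
    case "$1" in
        1.5|1.5.*)    return 0 ;;   # whole 1.5.x series
        2.2.6|2.2.6a) return 0 ;;   # 2.2.6 releases before 2.2.6b
        *)            return 1 ;;   # not listed in the quoted text
    esac
}

# Print the libtool version recorded in an ltmain.sh.
# Assumption: the file has a line such as VERSION=2.2.6 or
# VERSION="2.2.6b distro-suffix"; only the first token is kept.
ltmain_version() {
    sed -n 's/^VERSION="\{0,1\}\([^" ]*\).*/\1/p' "$1" | head -n 1
}

# Report every ltmain.sh under a directory, one line each.
# Returns 1 if at least one reports an affected version, else 0.
scan_tree() {
    report=$(find "$1" -type f -name ltmain.sh | while IFS= read -r f; do
        v=$(ltmain_version "$f")
        if [ -z "$v" ]; then
            printf 'UNKNOWN - %s\n' "$f"      # no VERSION= line found
        elif libtool_version_affected "$v"; then
            printf 'AFFECTED %s %s\n' "$v" "$f"
        else
            printf 'ok %s %s\n' "$v" "$f"
        fi
    done)
    [ -n "$report" ] && printf '%s\n' "$report"
    # Succeed only when no report line is marked AFFECTED.
    ! printf '%s\n' "$report" | grep -q '^AFFECTED '
}
```

An UNKNOWN line means the version could not be read, not that the tree is safe; inspect the bundled libltdl by hand in that case.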