FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
cacaffbc-5e64-11d8-80e3-0020ed76ef5a	GNU libtool insecure temporary file handling libtool attempts to create a temporary directory in which to write scratch files needed during processing. A malicious user may create a symlink and then manipulate the directory so as to write to files to which she normally has no permissions. This has been reported as a ``symlink vulnerability'', although I do not think that is an accurate description. This vulnerability could possibly be used on a multi-user system to gain elevated privileges, e.g. root builds some packages, and another user successfully exploits this vulnerability to write to a system file. Discovery 2004-01-30 Entry 2004-02-13 libtool >= 1.3 lt 1.3.5_2 >= 1.4 lt 1.4.3_3 >= 1.5 lt 1.5.2 http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405 http://www.securityfocus.com/archive/1/352333
77c14729-dc5e-11de-92ae-02e0184b8d35	libtool -- Library Search Path Privilege Escalation Issue Secunia.com Do not attempt to load an unqualified module.la file from the current directory (by default) since doing so is insecure and is not compliant with the documentation. Discovery 2009-11-25 Entry 2009-11-28 Modified 2010-05-02 libtool < 2.2.6b CVE-2009-3736 http://secunia.com/advisories/37414/ http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html

VuXML ID

Description

cacaffbc-5e64-11d8-80e3-0020ed76ef5a

GNU libtool insecure temporary file handling

libtool attempts to create a temporary directory in which to write scratch files needed during processing. A malicious user may create a symlink and then manipulate the directory so as to write to files to which she normally has no permissions.

This has been reported as a ``symlink vulnerability'', although I do not think that is an accurate description.

This vulnerability could possibly be used on a multi-user system to gain elevated privileges, e.g. root builds some packages, and another user successfully exploits this vulnerability to write to a system file.

Discovery 2004-01-30
Entry 2004-02-13
libtool

>= 1.3 lt 1.3.5_2

>= 1.4 lt 1.4.3_3

>= 1.5 lt 1.5.2

http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405
http://www.securityfocus.com/archive/1/352333

77c14729-dc5e-11de-92ae-02e0184b8d35

libtool -- Library Search Path Privilege Escalation Issue

Secunia.com

Do not attempt to load an unqualified module.la file from the current directory (by default) since doing so is insecure and is not compliant with the documentation.

Discovery 2009-11-25
Entry 2009-11-28
Modified 2010-05-02
libtool

< 2.2.6b

CVE-2009-3736
http://secunia.com/advisories/37414/
http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html