FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
77c14729-dc5e-11de-92ae-02e0184b8d35	libtool -- Library Search Path Privilege Escalation Issue Secunia.com Do not attempt to load an unqualified module.la file from the current directory (by default) since doing so is insecure and is not compliant with the documentation. Discovery 2009-11-25 Entry 2009-11-28 Modified 2010-05-02 libtool < 2.2.6b CVE-2009-3736 http://secunia.com/advisories/37414/ http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html
cacaffbc-5e64-11d8-80e3-0020ed76ef5a	GNU libtool insecure temporary file handling libtool attempts to create a temporary directory in which to write scratch files needed during processing. A malicious user may create a symlink and then manipulate the directory so as to write to files to which she normally has no permissions. This has been reported as a ``symlink vulnerability'', although I do not think that is an accurate description. This vulnerability could possibly be used on a multi-user system to gain elevated privileges, e.g. root builds some packages, and another user successfully exploits this vulnerability to write to a system file. Discovery 2004-01-30 Entry 2004-02-13 libtool ge 1.3 lt 1.3.5_2 ge 1.4 lt 1.4.3_3 ge 1.5 lt 1.5.2 http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405 http://www.securityfocus.com/archive/1/352333

VuXML ID

Description

77c14729-dc5e-11de-92ae-02e0184b8d35

libtool -- Library Search Path Privilege Escalation Issue

Secunia.com

Do not attempt to load an unqualified module.la file from the current directory (by default) since doing so is insecure and is not compliant with the documentation.

Discovery 2009-11-25
Entry 2009-11-28
Modified 2010-05-02
libtool

< 2.2.6b

CVE-2009-3736
http://secunia.com/advisories/37414/
http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html

cacaffbc-5e64-11d8-80e3-0020ed76ef5a

GNU libtool insecure temporary file handling

libtool attempts to create a temporary directory in which to write scratch files needed during processing. A malicious user may create a symlink and then manipulate the directory so as to write to files to which she normally has no permissions.

This has been reported as a ``symlink vulnerability'', although I do not think that is an accurate description.

This vulnerability could possibly be used on a multi-user system to gain elevated privileges, e.g. root builds some packages, and another user successfully exploits this vulnerability to write to a system file.

Discovery 2004-01-30
Entry 2004-02-13
libtool

ge 1.3 lt 1.3.5_2

ge 1.4 lt 1.4.3_3

ge 1.5 lt 1.5.2

http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405
http://www.securityfocus.com/archive/1/352333