安全研究
安全漏洞
GNU Libtool libltdl库搜索路径本地权限提升漏洞
发布日期:2009-11-16
更新日期:2009-12-01
受影响系统:
GNU libtool 2.2.6不受影响系统:
GNU libtool 1.5.x
GNU libtool 2.2.6b描述:
BUGTRAQ ID: 37128
CVE(CAN) ID: CVE-2009-3736
GNU libtool是一个通用库支持脚本,将使用动态库的复杂性隐藏在统一、可移植的接口中。
GNU Libtool的libltdl库中的ltdl.c文件将当前工作目录用作了库的搜索路径,如果攻击者创建了恶意的共享对象或.la文件并诱骗用户使用同一目录中的libtool库执行应用程序,就会导致执行任意代码。
<*来源:Vincent Danen
链接:http://secunia.com/advisories/37414
https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=537941
http://www.debian.org/security/2009/dsa-1958
https://www.redhat.com/support/errata/RHSA-2010-0039.html
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
建议:
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1958-1)以及相应补丁:
DSA-1958-1:New libtool packages fix privilege escalation
链接:http://www.debian.org/security/2009/dsa-1958
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.diff.gz
Size/MD5 checksum: 15804 5479bf2874720d1a57bc051938939c0a
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22.orig.tar.gz
Size/MD5 checksum: 2921483 8e0ac9797b62ba4dcc8a2fb7936412b0
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1.dsc
Size/MD5 checksum: 791 928acd111c5fef379758412cc69d6955
Architecture independent packages:
http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.22-4+etch1_all.deb
Size/MD5 checksum: 340218 48ef3b50f8af4b55f95ab0537dedeae9
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_alpha.deb
Size/MD5 checksum: 328232 c46de180b19450c2842198a034c5b8ba
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_alpha.deb
Size/MD5 checksum: 170758 f1ac388e3c8f479fa2e7acca4e05f484
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_alpha.deb
Size/MD5 checksum: 366952 787b6b0712ad3729077a94177c854c50
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_amd64.deb
Size/MD5 checksum: 327578 64e861399087ac313e9112633e320db0
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_amd64.deb
Size/MD5 checksum: 362486 0cd43dfdfac787ae4f03c99d316ee21c
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_amd64.deb
Size/MD5 checksum: 169952 2383913d7e69ab07a030ed0402e32683
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_arm.deb
Size/MD5 checksum: 329532 1e77e291f168cd28edbe30017ea7b822
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_arm.deb
Size/MD5 checksum: 362006 aeeccab2b130622286ff22a62bbb67f6
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_arm.deb
Size/MD5 checksum: 168932 227df6a702975694b4824277e39397f7
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_hppa.deb
Size/MD5 checksum: 171194 547d0ef8dcad18bf6bcf879bee76618e
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_hppa.deb
Size/MD5 checksum: 365948 720bb673659bca908c80a87115ced3b3
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_hppa.deb
Size/MD5 checksum: 329352 f6201f75e7a6c6571c60f8ea54da9513
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_i386.deb
Size/MD5 checksum: 168334 5f0f5afefa54c57ff00a1688b79daaae
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_i386.deb
Size/MD5 checksum: 327562 2f3cf778e937d324b2082286ac531915
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_i386.deb
Size/MD5 checksum: 361676 ff14fcaece7267e5af27ebf077caf5ea
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_ia64.deb
Size/MD5 checksum: 175104 112a54f534e23a3880131c458e957306
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_ia64.deb
Size/MD5 checksum: 369056 b6f2318d1cd51e9faec4c8802cc0de71
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_ia64.deb
Size/MD5 checksum: 328294 abcb9fe2b00b48274f4e9de0fd27ed50
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mips.deb
Size/MD5 checksum: 364572 ae6c61c8422bf908dc9b5f18fff01e67
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mips.deb
Size/MD5 checksum: 169100 5243a37ce072d6187ea1e34cbf7e6fbf
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mips.deb
Size/MD5 checksum: 328044 378a35600bd73d5e426e5c832f207ac2
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_mipsel.deb
Size/MD5 checksum: 364580 79b7a9f63df6e20bfd7746e3ae793ea8
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_mipsel.deb
Size/MD5 checksum: 169202 fa3945f2bab5771aeffbef127cc45611
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_mipsel.deb
Size/MD5 checksum: 328066 a0057c854f9eb9c446e562a3e5709c4b
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_powerpc.deb
Size/MD5 checksum: 171152 f13fa1eac3ff685260e23ff0c2420233
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_powerpc.deb
Size/MD5 checksum: 365566 6c159f990d8dc9accbe19467d051dde8
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_powerpc.deb
Size/MD5 checksum: 330962 f9f24a31ad1f58bf59ec28c9575935c0
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_s390.deb
Size/MD5 checksum: 328270 c4b08dee489f328b19ad516dee216962
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_s390.deb
Size/MD5 checksum: 362352 8ee935bdbbb1f4c95f57825ee86f616c
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_s390.deb
Size/MD5 checksum: 170398 590304f4913f49222d11fabe32332555
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.22-4+etch1_sparc.deb
Size/MD5 checksum: 363224 aeb1e4d3251979e6a55177c3366850ad
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.22-4+etch1_sparc.deb
Size/MD5 checksum: 168816 8fe6d60b06d6de10f7960aca438df40a
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.22-4+etch1_sparc.deb
Size/MD5 checksum: 329702 074ff3128d67b1717b3a1ccd0d70a970
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1.diff.gz
Size/MD5 checksum: 15298 7895536891fe733289193346f1211b1f
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1.dsc
Size/MD5 checksum: 1158 2c0110d02430920cefe418c00b08e5a3
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26.orig.tar.gz
Size/MD5 checksum: 2961939 aa9c5107f3ec9ef4200eb6556f3b3c29
Architecture independent packages:
http://security.debian.org/pool/updates/main/libt/libtool/libtool-doc_1.5.26-4+lenny1_all.deb
Size/MD5 checksum: 353398 00fdb1c5aacbe2bfd76e974072cecd92
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_alpha.deb
Size/MD5 checksum: 340108 3d99e043fd16ae4af9acd16efc1fff26
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_alpha.deb
Size/MD5 checksum: 180254 2030953d25d5b7fa12f536c76d4546e5
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_alpha.deb
Size/MD5 checksum: 377734 ded6b77079273f704065f9f6475da4c7
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_amd64.deb
Size/MD5 checksum: 342324 024dd362d4fc2f38f3b81494164bd4c0
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_amd64.deb
Size/MD5 checksum: 179612 11d74a42ceb86748828417ecb82ca661
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_amd64.deb
Size/MD5 checksum: 368974 740e2aba77ce0401161317cecea761b4
arm architecture (ARM)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_arm.deb
Size/MD5 checksum: 341736 e5fe5c3ffa5d5de1b073bb91eac8a8b0
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_arm.deb
Size/MD5 checksum: 178324 327d37b6946885a0aa06b7d36d2366ce
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_arm.deb
Size/MD5 checksum: 371700 afd48c2330e97b428a66bff30df8dcb8
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_armel.deb
Size/MD5 checksum: 341552 f33f24ea711ad50d8272905b008fa07b
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_armel.deb
Size/MD5 checksum: 178428 037eaffb7d97ac009f3e4f47f4084c8e
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_armel.deb
Size/MD5 checksum: 372294 e4ebc8b9b39d3408ee7b013f6110a534
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_hppa.deb
Size/MD5 checksum: 342994 78b16e97b4f6d5ee535f5a9849d060b2
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_hppa.deb
Size/MD5 checksum: 180100 f2118a5317c1523f2edf902492f11c38
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_hppa.deb
Size/MD5 checksum: 376492 37816a937fed1aa3e5c8a9d1bda2da26
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_i386.deb
Size/MD5 checksum: 371688 296a45a98910fbf8210ebdddd7a32d3d
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_i386.deb
Size/MD5 checksum: 177256 d719aec237df6bc5b8d750dec91cbef2
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_i386.deb
Size/MD5 checksum: 340266 56f624655ef5e058047a9f371260b70d
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_ia64.deb
Size/MD5 checksum: 340338 c824369bbc99fd250112c9b19166e3b8
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_ia64.deb
Size/MD5 checksum: 379582 69b5eee78005d15b7b401d27c5f1d1f0
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_ia64.deb
Size/MD5 checksum: 184492 97c04d77404888003be057d64318a4b4
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_mips.deb
Size/MD5 checksum: 340324 13cec80a9732f7ebe1a4b9b1c3437676
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_mips.deb
Size/MD5 checksum: 178136 8c14238558d3712f1ba13ccdf832b6e7
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_mips.deb
Size/MD5 checksum: 374582 e34e1dce0adbe82708cf1414b18b9ee8
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_mipsel.deb
Size/MD5 checksum: 374506 0433b8b68f5cf7eaf4011bd27afc200a
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_mipsel.deb
Size/MD5 checksum: 340308 b80fa5af20cb7d42cae3387bc2637bfa
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_mipsel.deb
Size/MD5 checksum: 178204 e3936e2dbe0eb3634b0ea82032b38711
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_powerpc.deb
Size/MD5 checksum: 375240 e62c37f7f3a4768d50273f048f38f4fc
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_powerpc.deb
Size/MD5 checksum: 180654 d3cd620555224ae9ad381f01f097556f
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_powerpc.deb
Size/MD5 checksum: 343366 2b09e0d1c5ede965df7cccafb58bb8b8
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_s390.deb
Size/MD5 checksum: 179634 7e19a9d6985c0f3d7769a6b29ea948ac
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_s390.deb
Size/MD5 checksum: 340302 5b26c4c3cf96ef1f129cdf28af8f6c46
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_s390.deb
Size/MD5 checksum: 372154 797787dcf36fb7a820f8d70da82a5e56
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3_1.5.26-4+lenny1_sparc.deb
Size/MD5 checksum: 177310 0d3bb2aebb71f94eb90b2e098efa3dfc
http://security.debian.org/pool/updates/main/libt/libtool/libltdl3-dev_1.5.26-4+lenny1_sparc.deb
Size/MD5 checksum: 373190 e87271026a1b94f47e1e9bda5a74a6d7
http://security.debian.org/pool/updates/main/libt/libtool/libtool_1.5.26-4+lenny1_sparc.deb
Size/MD5 checksum: 341944 9ae772fd5ac03c0552221c744ad3a969
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
GNU
---
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2010:0039-01)以及相应补丁:
RHSA-2010:0039-01:Moderate: gcc and gcc4 security update
链接:https://www.redhat.com/support/errata/RHSA-2010-0039.html
浏览次数:5746
严重程度:0(网友投票)
绿盟科技给您安全的保障