ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
attempts to open a .la file in the current working directory, which
allows local users to gain privileges via a Trojan horse file.
Also, I don't really like that it's using a shipped copy of libtool when it should be using the system's libltdl, so I've patched it out.
See the attached patch.