Guest

Preview Tool

Cisco Bug: CSCtd70320 - RHEL RPM Update To Address Libtool Vulnerability

Last Modified

Aug 06, 2018

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

6.1(5) 8.0

Description (partial)

Symptoms:
Cisco Unified Communications Manager includes a version of RedHat Enterprise Linux that is affected by the vulnerabilities identified by the following advisory: 

https://rhn.redhat.com/errata/RHSA-2009-1646.html

A flaw was found in the way GNU Libtool's libltdl library looked for
modules to load. It was possible for libltdl to load and run modules from
an arbitrary library in the current working directory. If a local attacker
could trick a local user into running an application (which uses libltdl)
from an attacker-controlled directory containing a malicious Libtool
control file (.la), the attacker could possibly execute arbitrary code with
the privileges of the user running the application. (CVE-2009-3736)

Cisco has analyzed these vulnerabilities and concluded that Cisco CUCM is not impacted.


Conditions:
Not applicable
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.