This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
CVE-2009-3736 libtool: libltdl may load and execute code from a
library in the current directory
A flaw was found in the way GNU Libtool's libltdl library looked for
libraries to load. It was possible for libltdl to load a malicious
library from the current working directory. In certain configurations,
if a local attacker is able to trick a local user into running a Java
application (which uses a function to load native libraries, such as
System.loadLibrary) from within an attacker-controlled directory
containing a malicious library or module, the attacker could possibly
execute arbitrary code with the privileges of the user running the
Java application. (CVE-2009-3736)
All running Java applications using libgcj must be restarted for this
update to take effect.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.9
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60722 ()
CVE ID: CVE-2009-3736