Vulnerability Description
Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Slackware | Slackware Linux | 13.1 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2013/12/20/1Mailing ListThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7172Issue TrackingThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89916Third Party AdvisoryVDB Entry
- https://security-tracker.debian.org/tracker/CVE-2013-7172Third Party Advisory
- http://www.openwall.com/lists/oss-security/2013/12/20/1Mailing ListThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7172Issue TrackingThird Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89916Third Party AdvisoryVDB Entry
- https://security-tracker.debian.org/tracker/CVE-2013-7172Third Party Advisory
FAQ
What is CVE-2013-7172?
CVE-2013-7172 is a vulnerability with a CVSS score of 7.8 (HIGH). Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to ...
How severe is CVE-2013-7172?
CVE-2013-7172 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-7172?
Check the references section above for vendor advisories and patch information. Affected products include: Slackware Slackware Linux.