CVE-2013-7172

CWE-20Improper Input Validation6 documents6 sources
Severity
7.8HIGH
EPSS
0.1%
top 68.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Slackware Slackware Linux
Timeline
PublishedNov 21
Latest updateMay 5

Description

Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDslackware/slackware_linux4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-m56q-mw4m-85fm: Slackware 132022-05-05
CVEList
CVE-2013-7172: Slackware 132019-11-21

📋Vendor Advisories

2
Red Hat
libiodbc: insecure RPATH in certain binaries2013-12-17
Debian
CVE-2013-7172: libiodbc2 - Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the i...2013

💬Community

1
Bugzilla
CVE-2013-7172 libiodbc: insecure RPATH in certain binaries2013-12-19