CVE-2013-7172

CVE Database · CVE-2013-7172

CVE-2013-7172

· HIGHModified

CVSS v3.1

7.8

EPSS

0.46%

Published

Nov 21, 2019

Modified

Nov 20, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-20

Affected Products (4)

slackware · slackware_linuxvulnerable

References (8)

http://www.openwall.com/lists/oss-security/2013/12/20/1

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7172

Issue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/89916

Third Party AdvisoryVDB Entry

https://security-tracker.debian.org/tracker/CVE-2013-7172

Third Party Advisory

http://www.openwall.com/lists/oss-security/2013/12/20/1

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7172

KEV Catalog EPSS Scores Vendors All CVEs