Main Vulnerability Database Vulnerabilities #VU35049

Input validation error in Slackware Linux - CVE-2013-7172

Published: November 21, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35049

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-7172

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Slackware Linux

Software vendor:
Slackware

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.

Remediation

Install update from vendor's website.

External links

http://www.openwall.com/lists/oss-security/2013/12/20/1
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7172
https://exchange.xforce.ibmcloud.com/vulnerabilities/89916
https://security-tracker.debian.org/tracker/CVE-2013-7172

Input validation error in Slackware Linux - CVE-2013-7172

Description

Remediation

External links

Please verify you're human