Input validation error in Slackware Linux - CVE-2013-7172

 

Input validation error in Slackware Linux - CVE-2013-7172

Published: November 21, 2019 / Updated: August 8, 2020


Vulnerability identifier: #VU35049
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2013-7172
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Slackware
Affected software:
Slackware Linux

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.


How to mitigate CVE-2013-7172

Install update from vendor's website.

Sources