CVE-2013-7172 Information

Description

Slackware 13.1 13.37 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package which could allow local users to use RPATH information to execute arbitrary code with root privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.openwall.com/lists/oss-security/2013/12/20/1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7172 https://exchange.xforce.ibmcloud.com/vulnerabilities/89916 https://security-tracker.debian.org/tracker/CVE-2013-7172

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8