PT-2019-7009 · Slackware · Libiodbc
Published: 2019-11-21 · Updated: 2019-12-03
CVE-2013-7172
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Slackware versions 13.1, 13.37, 14.0, 14.1
Description
The issue concerns world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package. This could allow local users to use RPATH information to execute arbitrary code with root privileges.
Recommendations
For Slackware versions 13.1, 13.37, 14.0, 14.1, consider changing the permissions of the iodbctest and iodbctestw programs to prevent world-writable access until a patch is available.
As a temporary workaround, restrict the use of the libiodbc package to minimize the risk of exploitation.
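The permission change recommended above can be scripted as an audit-then-fix step. This is an added example, not part of the original advisory or the libiodbc package: the function names are hypothetical, and the file paths are supplied by the caller because the advisory does not state where the programs are installed.

```shell
#!/bin/sh
# Added example: audit files for the world-writable ("other" write) bit
# and remove it. Paths are passed in by the caller; the advisory does not
# say where iodbctest and iodbctestw are installed.

# is_world_writable FILE: succeeds if FILE (a symlink given on the command
# line is followed via -H) is a regular file with the o+w bit set.
is_world_writable() {
    [ -n "$(find -H "$1" -prune -type f -perm -0002 2>/dev/null)" ]
}

# fix_world_writable FILE...: strips o+w from each world-writable file,
# logs what it changed, and returns non-zero if any file is missing or
# is still world-writable afterwards.
fix_world_writable() {
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "missing: $f" >&2
            rc=1
        elif is_world_writable "$f"; then
            ls -lL "$f"                  # record the mode before the change
            if chmod o-w "$f" && ! is_world_writable "$f"; then
                echo "fixed: $f"
            else
                echo "still world-writable: $f" >&2
                rc=1
            fi
        else
            echo "ok: $f"
        fi
    done
    return "$rc"
}

# Typical use (run as root), resolving the programs through PATH:
#   fix_world_writable "$(command -v iodbctest)" "$(command -v iodbctestw)"
```

Only the "other" write bit is cleared; owner and group permissions are left as installed.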
Fix
RCE
Affected Products
Libiodbc