Lucene search

Ubuntu.comUB:CVE-2013-7172

HistoryNov 21, 2019 - 12:00 a.m.

CVE-2013-7172

2019-11-2100:00:00

ubuntu.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on
the iodbctest and iodbctestw programs within the libiodbc package, which
could allow local users to use RPATH information to execute arbitrary code
with root privileges.

Notes

Author	Note
mdeslaur	can’t find RPATH in our binaries, likely slackware-specific

References

www.openwall.com/lists/oss-security/2013/12/19

launchpad.net/bugs/cve/CVE-2013-7172

nvd.nist.gov/vuln/detail/CVE-2013-7172

security-tracker.debian.org/tracker/CVE-2013-7172

www.cve.org/CVERecord?id=CVE-2013-7172

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for UB:CVE-2013-7172