CVE-2013-7172
Description
Slackware 13.1, 13.37, 14.0 and 14.1 contain world-writable permissions on the iodbctest and iodbctestw programs within the libiodbc package, which could allow local users to use RPATH information to execute arbitrary code with root privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Slackware/libiodbcdescription
Patches
Vulnerability mechanics
Root cause
"The iodbctest and iodbctestw programs in libiodbc have world-writable permissions."
Attack vector
Local users can exploit this vulnerability by leveraging RPATH information. By modifying the world-writable programs, an attacker can potentially execute arbitrary code with root privileges. This is possible because the programs' permissions allow any user to alter their content, including the RPATH settings which control library search paths [ref_id=1].
Affected code
The vulnerability resides in the iodbctest and iodbctestw programs within the libiodbc package. The specific issue is that these programs have world-writable permissions, allowing any user to modify them [ref_id=1].
What the fix does
The advisory does not specify the exact changes made in the patch. However, the fix involves correcting the file permissions for the iodbctest and iodbctestw programs to prevent local users from modifying them. This change ensures that the RPATH information within these executables cannot be manipulated to execute arbitrary code with elevated privileges [ref_id=1].
Preconditions
- authThe attacker must have local access to the affected system.
- inputThe attacker must be able to modify the iodbctest and iodbctestw executables.
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- www.openwall.com/lists/oss-security/2013/12/20/1mitrex_refsource_MISC
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- exchange.xforce.ibmcloud.com/vulnerabilities/89916mitrex_refsource_MISC
- security-tracker.debian.org/tracker/CVE-2013-7172mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.