Vulnerability Description
arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
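The bug class described above is an ordering mistake in privilege dropping: a daemon that starts as root and calls setgid()/setuid() without first clearing its supplementary group list keeps whatever groups root was started with, so a later memory-corruption or logic bug in the daemon can still reach files and sockets those groups own. The following C program is an added example (not arpwatch's own code, and not taken from any of the advisories above) showing the correct order and a self-check a daemon can run afterwards; the target uid/gid of 65534, the function names, and the group values used in the self-check are assumptions for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Pure check behind verify_dropped(): the supplementary group list is clean
 * when every entry equals the primary gid (on Linux, getgroups() may or may
 * not report the egid itself, so that one entry is tolerated). */
int groups_are_clean(const gid_t *groups, int n, gid_t primary)
{
    for (int i = 0; i < n; i++) {
        if (groups[i] != primary)
            return 0;
    }
    return 1;
}

/* Returns 1 if the calling process now runs as uid/gid with no supplementary
 * groups left over, 0 otherwise. Usable as a post-drop self-check inside a
 * daemon and as an audit probe for the condition CVE-2012-2653 describes. */
int verify_dropped(uid_t uid, gid_t gid)
{
    int n = getgroups(0, NULL);                 /* query required list size */
    if (n < 0)
        return 0;
    gid_t *groups = calloc((size_t)n + 1, sizeof *groups);
    if (groups == NULL)
        return 0;
    n = getgroups(n + 1, groups);
    int clean = (n >= 0) && groups_are_clean(groups, n, gid);
    free(groups);
    return clean
        && getuid() == uid && geteuid() == uid
        && getgid() == gid && getegid() == gid;
}

/* Drop root to uid/gid. Order matters: supplementary groups first (setgroups()
 * needs CAP_SETGID, so it must run while still root), then the gid, then the
 * uid. After setuid() succeeds, setgroups() fails with EPERM, which is why a
 * daemon that forgets this step keeps root's groups for its whole lifetime.
 * Returns 0 on success, -1 with errno set otherwise. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0)                /* the step the CVE is about */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Regaining root must now be impossible; if setuid(0) succeeds the drop
     * was not permanent (e.g. retained capabilities) and must be treated as
     * a failure rather than silently continued. */
    if (uid != 0 && setuid(0) == 0) {
        errno = EACCES;
        return -1;
    }
    if (!verify_dropped(uid, gid)) {
        errno = EACCES;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Hypothetical unprivileged service account; a real daemon would resolve
     * its own account with getpwnam() instead of hard-coding ids. */
    uid_t target_uid = 65534;
    gid_t target_gid = 65534;

    if (geteuid() != 0) {
        printf("not running as root: setgroups() would fail with EPERM\n");
        return 0;
    }
    if (drop_privileges(target_uid, target_gid) != 0) {
        fprintf(stderr, "drop_privileges: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid %u with a clean supplementary group list\n",
           (unsigned)getuid());
    return 0;
}
```

When auditing a running daemon for this condition, the `Groups:` line of `/proc/<pid>/status` shows the same list that `getgroups()` returns; a service that should be unprivileged but still lists gid 0 or other administrative groups there has not dropped its supplementary groups.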
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lawrence Berkeley National Laboratory | Arpwatch | 2.1a15 |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082553.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082565.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082569.html
- http://www.debian.org/security/2012/dsa-2481
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:113
- http://www.openwall.com/lists/oss-security/2012/05/24/12
- http://www.openwall.com/lists/oss-security/2012/05/24/13
- http://www.openwall.com/lists/oss-security/2012/05/24/14
- http://www.openwall.com/lists/oss-security/2012/05/25/5
- https://security.gentoo.org/glsa/201607-16
FAQ
What is CVE-2012-2653?
CVE-2012-2653 is a vulnerability with a CVSS score of 10.0 (HIGH). arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.
How severe is CVE-2012-2653?
CVE-2012-2653 has been rated HIGH with a CVSS base score of 10.0/10. See the CVSS Score section above.
Is there a patch for CVE-2012-2653?
Check the references section above for vendor advisories and patch information. Affected products include: Lawrence Berkeley National Laboratory Arpwatch.